Data Privacy + Security Insider

Follow:

Data Privacy + Security Insider Blogs

Data Privacy + Security Insider

Blog Authors

Guest Contributor
Kevin Daly
Robinson+Cole's Data Privacy + Cybersecurity Team
Kathleen Dion
Jennifer Driscoll
Jennifer Driscoll
Conor Duffy
Matt
Linn Foster Freedman
Kathleen Healy
Daniel Lass
Sarah Mahon
Jim Merrifield
Seth Orkand
Roma Patel
Kathleen Porter
Kathryn Rattigan

Latest from Data Privacy + Security Insider

In a big win for businesses, a California federal court just held that a “tester” plaintiff—someone who visits websites to initiate litigation—cannot bring a claim under the California Invasion of Privacy Act (CIPA). Rodriguez v. Autotrader.com, Inc., No. 2:24-cv-08735, 2025 WL 65409 (C.D. Cal. 1.8.25). Tester plaintiffs have started to focus on consumer protection statutes

SentinelOne researchers have discovered AkiraBot, which is used to target small- to medium-sized company websites with generative AI, and drafted outreach messages for website chats, comments, and contact forms. SentinelOne estimates that over 400,000 websites have been targeted, and the bot has successfully spammed “at least 80,000 websites since September 2024.”

The bot generated

Video game developer Ubisoft, Inc. came out on top earlier this month in the Northern District of California when a judge dismissed, with prejudice, a class action claiming that the company’s use of third-party website pixels violated privacy laws. The judge concluded that the “issue of consent defeat[ed] all of Plaintiffs’ claims.” Lakes v. Ubisoft, Inc.,

We often cover consumer class action complaints against companies regarding the privacy and security of personal information. However, litigation can also arise from alleged breach of contract between two companies. This week, we will analyze a medical diagnostic testing laboratory’s April 2025 complaint against its managed services provider for its alleged failure to satisfy its

BleepingComputer has confirmed the rumor that Oracle has suffered a compromise affecting its legacy environment, including the compromise of old customer credentials (originally denied by Oracle). Oracle notified some affected clients that old legacy data from Oracle Classic (last used in 2017) was involved in the incident. BleepingComputer has reportedly had direct contact with the

Wired has reported that several government officials involved in the Signal chat exposing sensitive national security plans have also exposed their Venmo accounts by not adjusting their account privacy settings to prohibit the information from being publicly accessible. This means that they “left not only their contact lists publicly visible but also their transactions, which

This week, the California Privacy Protection Agency (CPPA) board held its April meeting to discuss the latest set of proposed regulations, including automated decision-making technology (ADMT) regulations. Instead of finalizing these rules, the board continued its debate and considered further amendments to the draft regulations. Notably, some members proposed changing the definition of ADMT and

Yahoo’s ConnectID is a cookieless identity solution that allows advertisers and publishers to personalize, measure, and perform ad campaigns by leveraging first-party data and 1-to-1 consumer relationships. ConnectID uses consumer email addresses (instead of third-party tracking cookies) to produce and monetize consumer data. A lawsuit filed in the U.S. District Court for the Southern District