The Federal Trade Commission is taking action against Illuminate Education after investigators found the popular school software provider failed to secure sensitive student records, a lapse that led to a major hack affecting more than 10 million children across the United States.
The Federal Communications Commission is reversing a cybersecurity action it took earlier this year, pulling back a Declaratory Ruling that the agency now says misread federal law and would not have made U.S. networks any safer. The FCC also withdrew a related rule-making proposal built on that same interpretation.
California’s privacy regulator is sharpening its focus on the data broker industry, creating a new enforcement strike force to investigate how companies collect, sell, and manage personal information across the state. The effort marks one of the agency’s most concentrated pushes yet to bring more visibility, and accountability, to a sector often operating out of public sight.
DoorDash has disclosed a data breach after a social engineering scam tricked one of its employees, allowing an unauthorized party to access user information across its platform. The company says the exposed data included names, email addresses, phone numbers, and physical addresses, though it declined to say how many people were affected.
Californians are about to gain one of the most sweeping digital privacy tools in the country. The California Privacy Protection Agency (CalPrivacy) confirmed at last week’s Board meeting that the state’s Office of Administrative Law has approved regulations to implement the Delete Act, a move that paves the way for a single-click mechanism allowing residents to wipe their personal information from hundreds of data brokers.
New Zealand’s privacy regulator is sounding the alarm as privacy complaints and serious breach notifications surge across the country. In its latest Annual Report, the Office of the Privacy Commissioner warned that New Zealanders’ rising anxiety about personal data isn’t just theoretical anymore, it reflects a real increase in harm.
After a bruising year of cyber incidents that exposed the fragility of the UK’s digital defenses, the government has presented its long-awaited Cyber Security and Resilience Bill to Parliament, a huge step intended to move the country from guidance to enforcement in its approach to cyber risk.