Photo of Courtland Cuevas

Courtland Cuevas

Subscribe to Courtland Cuevas's Posts

Key Takeaways:

  • CPPA launched its first major enforcement action in targeting connected vehicle-maker Honda.
  • Connected vehicles often collect various kinds of sensitive driver information, including geolocation, biometric and behavioral data.
  • After the CPPA found Honda in violation of several CCPA provisions, the company agreed to settle the enforcement action for approximately $650,000 while also agreeing to adopt certain remedial measures.
  • Other Connected vehicle-makers have also experienced a spike in regulatory scrutiny, signaling rising enforcement pressure and growing expectations for privacy-by-design.

Key Takeaways:

  • Ed tech company PowerSchool’s recent breach exposed the data of approximately 60 million students and 10 million educators.
  • Hacker gained access via a compromised employee password and remained undetected for nine days.
  • Sensitive personal data, including Social Security numbers and medical histories, was potentially compromised, raising a number of legal and regulatory concerns.
  • The breach underscores the urgent need for stronger third-party oversight and security requirements.

2024 marked another significant year for privacy law, with new state legislation and high-stakes litigation reshaping the landscape. Legal battles over tracking technologies, biometric data, and children’s privacy intensified, while federal agencies, including the Federal Trade Commission (“FTC”) and the U.S. Department of Health and Human Services Office for Civil Rights (“HHS OCR”), ramped up their efforts through major enforcement actions and high-profile settlements, marking a new era of increased accountability.