Data Privacy + Cybersecurity Insider
CYBERSECURITY
Joint Advisory Lists Top Routinely Exploited Vulnerabilities
On November 12, 2024, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency, along with its security partners in Australia, Canada, New Zealand, and the United Kingdom, issued the cybersecurity advisory “2023 Top Routinely Exploited Vulnerabilities,” outlining top vulnerabilities impacting companies across the free world. Read More
ENFORCEMENT + LITIGATION
Oak Valley Hospital Settles Data Breach Lawsuit
Oak Valley Hospital, located in Oakdale, California, reached a settlement in a class action related to a 2023 data breach. On July 18, 2023, Oak Valley detected suspicious activity on its IT systems. Pursuant to the forensic investigation, Oak Valley determined that an unauthorized third-party had access to its systems from April 21 to July 18, 2023. Based on the investigation, Oak Valley determined that during that timeframe, billing files and treatment records may have been viewed and/or exfiltrated. Read More
DATA PRIVACY
California Privacy Agency to Regulate AI, Boost Cybersecurity Audits
During the California Privacy Protection Agency’s (CPPA) meeting on November 8, 2024, it voted to proceed with formal rulemaking regarding artificial intelligence (AI) and cybersecurity audits. The CPPA’s rulemaking related to AI runs parallel to the California Civil Rights Department’s push for its regulations related to AI. Read More
Increased Privacy Enforcement Actions Anticipated Under Texas Privacy Law
While California was the first state to implement a comprehensive consumer privacy rights law and the first to bring an enforcement action for violations, Texas is quickly becoming the next privacy regulator to watch. The Texas Privacy and Data Security Act (TPDSA) became effective in July 2024, and the Texas Securing Children Online through Parental Empowerment (SCOPE) Act became effective in September 2024. Texas Attorney General, Ken Paxton, launched a privacy and security enforcement initiative in June 2024. Read More
ARTIFICIAL INTELLIGENCE
Microsoft Patent Aims to Eliminate AI Hallucinations
Microsoft is developing a way to eliminate hallucinations, or false responses, in artificial intelligence (AI) models. It filed U.S. Patent Application No. 18/140,658, entitled “Interacting with a Language Model using External Knowledge and Feedback,” in April 2023. The application published on October 31, 2024, and became available for public inspection. Read More
PRIVACY TIP
Privacy Tip #421 - Threat Actors Using DocuSign API to Send Fake Invoices
DocuSign can be an effective and efficient way to obtain authentic signatures for contracts and invoices. As with other similar tools, threat actors have found a way to use the DocuSign API to send fake invoices to divert funds. Find out more in this week's Privacy Tip. Read more



