PrivacySignal
Enforcement

NY Attorney General James Secures $18 Million From 23andMe for Failing to Protect Customers’ Genetic Data

DataBreaches.net · · International · Enforcement

New York Attorney General Letitia James, joined by a bipartisan coalition of 42 other state attorneys general, reached an $18 million settlement with genetic testing company 23andMe over its failure to adequately protect customers' genetic data. California's attorney general has filed a separate lawsuit against the company under state privacy law.

Why this matters: Genetic data is not like a leaked password you can reset. It is permanent, it identifies your relatives, and it can reveal things about your health that even you do not know yet. 23andMe collected that data from millions of people who trusted them with it. The $18 million settlement spread across 43 states is a signal that regulators are paying attention, but it does not undo what happened. The California lawsuit still ahead means this company is not done answering for how it handled some of the most sensitive personal information that exists.

Who should care: Lawyers · Privacy officers · Compliance · General readers · Policy

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

Enforcement
HIPAA Journal · · US Federal

Atrium Health Pays Up to $1.8M to Resolve Pixel Lawsuit

Atrium Health has agreed to pay up to $1.8 million to settle a class action lawsuit tied to its use of tracking pixels, which allegedly transmitted patient data to third parties without proper authorization. The settlement resolves claims against the Charlotte-based hospital system under privacy laws governing health information.

Who should care: Lawyers · Privacy officers · Compliance · Healthcare professionals

#enforcement#healthcare Read original →
Enforcement
WIRED — AI · · International

Why Apple Sued OpenAI, New York Takes on Data Centers, and What to Know about Cyclosporiasis

A tech podcast episode covers Apple's reported legal action against OpenAI, New York state scrutiny of data centers, and an unrelated public health topic. The discussion frames OpenAI's legal and reputational troubles in the context of its competitive battle with Anthropic.

Who should care: Lawyers · Privacy officers · Compliance

#enforcement Read original →
Enforcement
DataBreaches.net · · International

Italy fines WINDTRE €1.7 million over data breaches

Italy's data protection authority fined telecom operator WINDTRE €1.7 million after finding serious security failures that led to two separate unauthorized breaches, exposing personal data belonging to more than 365,000 customers. The investigation was triggered by the company's own breach notification.

Who should care: Lawyers · Privacy officers · Compliance · AI governance · General readers · Policy

#enforcement#gdpr#privacy Read original →
Enforcement
L Light Reading · · International

Regulators must shift focus from AI policy design to implementation and enforcement – Omdia

Research firm Omdia is calling on regulators to move beyond drafting AI policy frameworks and turn their attention to actually putting those rules into practice and enforcing them. The argument is that the gap between written rules and real-world accountability has grown wide enough to matter.

Who should care: Lawyers · Privacy officers · Compliance · AI governance · Administrators · General readers · Policy

#enforcement#ai-governance#regulation#ai Read original →
Enforcement
The Guardian — Tech · · International

Musk’s xAI sues user who allegedly used Grok to create child sexual abuse material

xAI has sued a South Carolina man, already facing criminal charges for sexually exploiting minors, alleging he used the Grok AI system to generate child sexual abuse material in violation of the company's terms of service. The federal lawsuit, filed in Texas, is among the first of its kind brought by an AI company against a user for this type of alleged misuse.

Who should care: Lawyers · Privacy officers · Compliance · General readers · AI governance · Policy

#enforcement#ai#security Read original →
Enforcement
O Omdia · · International

Omdia: Regulators must shift focus from AI policy design to implementation and enforcement

Research firm Omdia is calling on regulators to move beyond drafting AI policy frameworks and prioritize putting those rules into practice through active enforcement. The argument is that the gap between written policy and real-world accountability has grown wide enough to matter.

Who should care: Lawyers · Privacy officers · Compliance · AI governance · Administrators · General readers · Policy

#enforcement#ai-governance#regulation#ai Read original →