January 17, 2025
Issue 40 — Latest in privacy & security
In Today's Edition
- US House AI Taskforce releases bipartisan report
- Less than half of companies have AI governance in place
- Vendor breaches strike nearly all top US banks
- New York fines insurers over $11 million for lax cybersecurity
- TerraTrue’s enhanced data discovery & governance
- Jobs corner
- Upcoming webinars & events
Latest in Privacy and Security
- A new study found that 97% of firms reported third-party breaches last year, including nearly all of the top 100 banks in the US. However, the breaches were tied to just 6% of vendors. With financial institutions increasingly reliant on a wide range of core services from third parties, it’s more important than ever to vet your vendors and regularly review your third party compliance posture. Read more
Regulations / Fines
- The Bipartisan House AI Taskforce released its final report. The report recommended that lawmakers use a consistent national framework to regulate AI, rather than relying on a patchwork of state and federal laws. Read more
- The AI Governance Benchmarking Survey found that businesses are diving into AI with little to no compliance or governance strategy in place. Of the respondents who answered their question on AI tool use, 95% said they were using AI tools, but only 38% have an AI governance strategy in place. WIth the EU AI ACT in place and other regions quickly following suit, businesses are at risk of a range of AI compliance violations, from data privacy infringements, to algorithmic bias, to cybersecurity vulnerability. TerraTrue can help you meet your AI compliance needs ahead of time, so you’ll be ready for the new regulations.
- The New York State Department of Financial Services fined two insurers a total of $11.3 million for violating the New York Cybersecurity Regulation. The companies exposed the personal info of more than 120,000 New Yorkers through poor data security practices.The companies were cited for failing to implement a cybersecurity program, perform regular risk assessments, and proper access control. Read more
Feature Focus
- TerraTrue’s Data Catalog has been enhanced with three major improvements. We now offer client-side deployment, enabling organizations to better address strict security protocols. We’ve also refined launch triggers, with enhanced precision based on data sources and types. Finally, the data exploration and analysis dashboard has been improved to enable more detailed data analysis
Jobs Corner
- VinFast US: Privacy Counsel
- Lululemon: Senior Privacy Counsel
- Foursquare: Senior Compliance Manager, Data & Privacy
Upcoming Events
- Your 2025 Risk Reset | [Webinar] | Online | Global
- IAPP Data Protection Intensive: UK | Mar 10-11 | London
- IAPP Global Privacy Summit 2025 | Apr 21-24 | Washington, DC
- IAPP Canada Privacy Symposium | May 11-15 | Toronto, Ontario
- FutureCon Chicago | Jan 23 | Chicago, IL
- Compliance Week Cyber Risk & Data Privacy Summit | Feb 10-11 | Alexandria, VA
Trust meme of the day

Upgrading Your Privacy & Security Program for 2025?
- Let us help you think through how to plan, budget, and design your program.