January 30, 2025
Issue 41 — Latest in privacy & security
In Today's Edition
- Edtech hack may have compromised 72 million students and teachers
- Trump disables national privacy watchdog
- SEC announces crypto taskforce
- How to mitigate AI vendor risk
- Texas AG investigates privacy at 4 automakers
- TerraTrue enhanced third-party risk management
- Jobs corner
- Upcoming webinars & events
Latest in Privacy and Security
- The PowerSchool edtech data breach we discussed in the last newsletter keeps getting worse. The hacker claims they stole personal data of almost 72 million students and teachers from 6,505 school districts in multiple countries. Although we can’t confirm the overall total, multiple districts have reported breach numbers in the hundreds of thousands, and the Toronto school district has had almost 1.5 million students compromised.
- The Trump administration has asked for resignation letters from the three Democrats on the US Privacy and Civil Liberties Oversight Board, leaving the watchdog without a quorum. The bipartisan organization scrutinizes natsec activities for civil liberties violations. This move will leave the organization, which requires a minimum of three people to operate, with only one member, effectively eliminating its oversight as Trump revamps law enforcement and national security organizations.
- In the rush to incorporate cutting-edge AI tools, companies often fail to fully account for the risks AI vendors may pose to security, privacy, and compliance. To list just a few:
  - Lax or non-existent IP and copyright practices in AI training
  - Biased output, exposing you to potential discrimination liability
  - Lack of adequate cybersecurity controls
  - Poor data privacy and security practices
  - Insufficient visibility and auditability

  Before you pick an AI vendor, make sure you fully understand:
  - Why you need the vendor
  - What data they’ll access
  - How data access will be controlled
  - What risks that vendor poses
Regulations / Fines
- The Securities and Exchange Commission has launched a new task force to develop crypto regulations. The SEC aims to clarify rules, increase engagement with industry and academic parties, and move away from the previous administration’s reliance on enforcement actions to define crypto policy.
- Texas’ Attorney General is investigating Ford, Toyota, Hyundai, and Fiat Chrysler for possible privacy violations. The AG has sent notices demanding written responses about the automakers’ data collection, sharing, and selling practices. The AG investigated several other major automakers in 2024, and sued GM for selling customer driving data.
Feature Focus
- TerraTrue now offers enhanced third-party risk management. Our improved vendor oversight includes:
  - Risk-based assessment scheduling
  - Automated reminder workflows
  - API endpoints to simplify external system integration
  - Comprehensive vendor profiles with built-in risk tracking
Jobs Corner
- Larson Maddox: Senior Privacy Counsel
- Lenovo: Senior Privacy Counsel
- Postman: Privacy Counsel
- OpenAI: Head of Third Party Risk Management
- Adobe: Senior Director of Third Party Risk Management
Upcoming Events
- IAPP Data Protection Intensive: UK | Mar 10-11 | London
- IAPP Global Privacy Summit 2025 | Apr 21-24 | Washington, DC
- IAPP Canada Privacy Symposium | May 11-15 | Toronto, Ontario
- FutureCon Dallas | Jan 30 | Dallas, TX
- Compliance Week Cyber Risk & Data Privacy Summit | Feb 10-11 | Alexandria, VA
- Riskworld 2025 | May 3-7 | Chicago, IL
- Compliance Week Third Party Risk Management Summit | Jun 2-4 | Austin, TX