Get Started

January 30, 2025

Issue 41 — Latest in privacy & security

In Today's Edition

  • Edtech hack may have compromised 72 million students and teachers
  • Trump disables national privacy watchdog
  • SEC announces crypto taskforce
  • How to mitigate AI vendor risk
  • Texas AG investigates privacy at 4 automakers
  • TerraTrue enhanced third-party risk management
  • Jobs corner
  • Upcoming webinars & events

Latest in Privacy and Security

  • The PowerSchool edtech data breach we discussed in the last newsletter keeps getting worse. The hacker claims they stole personal data of almost 72 million students and teachers from 6,505 school districts in multiple countries. Although we can’t confirm the overall total, multiple districts have reported breach numbers in the hundreds of thousands, and the Toronto school district has had almost 1.5 million students compromised. Read more
  • The Trump administration has asked for resignation letters from the three Democrats on the US Privacy and Civil Liberties Oversight Board, leaving the watchdog without a quorum. The bipartisan organization scrutinizes natsec activities for civil liberties violations. This move will leave the organization, which requires a minimum of three people to operate, with only one member, effectively eliminating its oversight as Trump revamps law enforcement and national security organizations. Read more
  • In the rush to incorporate cutting-edge AI tools, companies often fail to fully account for the risks AI vendors may pose to security, privacy, and compliance. To list just a few:
  • Lax or non-existent IP and copyright practices in AI training
  • Biased output, exposing you to potential discrimination liability
  • Lack of adequate cybersecurity controls
  • Poor data privacy and security practices
  • Insufficient visibility and auditability

Before you pick an AI vendor, make sure you fully understand:

  • Why you need the vendor
  • What data they’ll access
  • How data access will be controlled
  • What risks that vendor poses
  • Read more

Regulations / Fines

  • The Securities and Exchange Commission has launched a new task force to develop crypto regulations. The SEC aims to clarify rules, increase engagement with industry and academic parties, and move away from the previous administration’s reliance on enforcement actions to define crypto policy. Read more
  • Texas’ Attorney General is investigating Ford, Toyota, Hyundai, and Fiat Chrisler for possible privacy violations. The AG has sent notices demanding written responses about the automakers’ data collection, sharing, and selling practices. The AG investigated several other major automakers in 2024, and sued GM for selling customer driving data. Read more

Feature Focus

  • TerraTrue now offers enhanced third-party risk management. Our improved vendor oversight includes:
    • Risk-based assessment scheduling
    • Automated reminder workflows
    • API endpoints to simplify external system integration
    • Comprehensive vendor profiles with built-in risk tracking

Jobs Corner

Upcoming Events

Trust meme of the day

Mr Bean smelling the air

Upgrading Your Privacy & Security Program for 2025?

Let us help you think through how to plan, budget, and design your program.

Loading GTM...