
July 30, 2025

Issue 46 — Latest in privacy & security

In Today's Edition

  • Colorado passes first U.S. state law regulating high-risk AI systems
  • Microsoft to sign EU’s General-Purpose AI Code of Practice. Meta refuses
  • Hacktivist group DragonForce claims responsibility for data breach at U.S. retailer Belk
  • TikTok fined $575 million due to undisclosed data processing practices
  • New privacy & security jobs
  • New events
  • And more

  Latest in AI, Privacy and Security

  • Colorado has passed the first U.S. state law regulating high-risk AI systems, requiring companies to conduct impact assessments, manage algorithmic bias, and notify individuals affected by AI-driven employment decisions. Taking effect in 2026, the law defines high-risk AI as tools that influence hiring, promotion, or disciplinary outcomes. It mandates annual bias audits and places responsibility on both developers and deployers of such systems. The law mirrors aspects of the EU AI Act, signaling growing state-level momentum for AI governance in the U.S. and expanding the scope of compliance into HR and people operations.
  • Microsoft has announced it will sign the EU’s General-Purpose AI Code of Practice, becoming the first major U.S. tech company to voluntarily align with the upcoming EU AI Act. The Code requires documentation of data sources, transparency in model training and deployment, and long-term risk mitigation. In contrast, Meta has refused to sign, citing concerns about the Code’s expectations around model disclosures and internal architecture. This growing divergence between tech giants highlights the challenges of aligning global AI governance and may preview future compliance tensions once the AI Act becomes enforceable.
  • Hacktivist group DragonForce has claimed responsibility for a data breach at U.S. retailer Belk, leaking what appears to be over 100GB of sensitive information. The group posted samples online, including employee payroll and internal documents. Belk has not yet confirmed the breach, but the company is reportedly investigating. DragonForce has previously targeted entities in response to geopolitical events, raising concerns about the increasing overlap between political hacktivism and enterprise security risk.

 

 Regulations / Fines

  • TikTok faces renewed scrutiny after reports of a $575 million fine linked to undisclosed data processing practices surfaced. While details remain unclear, the article questions why the company and regulators have kept the penalty largely under wraps. The situation has reignited debate over transparency in enforcement, especially when fines involve sensitive issues like algorithmic profiling, cross-border transfers, or surveillance concerns. The opacity surrounding the fine raises questions about regulatory consistency and TikTok’s ongoing privacy posture.

  Feature Focus

  • TerraTrue’s Assessments module streamlines privacy reviews across your entire organization, allowing you to move fast without compromising compliance. By embedding privacy-by-design into everyday workflows, TerraTrue turns assessments from a bottleneck into a business accelerator.
  • Automate: The TerraTrue platform learns from previous assessments
  • Collaborate: Send the most relevant questions to the right people
  • Report: See all assessments in one place, search, filter, and export to PDF with ease

  

Jobs Corner

 

 Upcoming Events

  


