Even if your business only sells goods or services in the U.S., your business may be a “data broker” under the new bulk data regulations, according to an April 11, 2025 Compliance Guide issued by the U.S. Department of Justice

Steve Roosa (US)
NT Analyzer adds JavaScript file analysis feature
In addition to NT Analyzer recently adding API mapping to its complement of services, we have also incorporated JavaScript file analysis targeting those JavaScript files that are downloaded to a user’s browser from third-party remote hosts while navigating a company’s…
NT Analyzer adds API mapping feature
This month, we have added “API mapping” and “JavaScript file analysis” as core components of the NT Analyzer tool suite. This post explains what API Mapping is and how the feature provides critical insights regarding the transmission and processing of…
New York Attorney General, personal data, and SHIELD Act
On March 20, 2025, the New York Attorney General (“NYAG”) announced a settlement with Ohio-based Root Insurance, regarding privacy practices relating to its auto insurance online quoting tool. As part of the settlement, Root agreed to pay $975,000 and to…

FTC finalizes COPPA rule amendments
On January 16, 2025, the Federal Trade Commission (FTC) announced significant amendments to the Children’s Online Privacy Protection Act (COPPA) Rule after a comprehensive review that began in 2019. This marks the first major update since 2013 and represents a…
Don’t throw the AI baby out with the data leakage bath water: Reading “AI Snake Oil” with a spirit of optimism
The privacy-cyber world seems preoccupied with issues related to the nexus between personal data and AI. Those issues, although important, are dwarfed by a more pressing and fundamental question: can we get AI to do useful things reliably and accurately…
Announcing NT Analyzer 2.0: Combating Privacy Risks, Powered by AI
NT Analyzer Refresher: Why Network Traffic Analysis?
Keeping track of where all the data is going can be devilishly difficult for companies, given the increasingly data-centric economy, massive changes in browser/mobile platforms, and the necessary use of a variety of…
CCPA compliance is not child’s play—but network traffic testing can help
On June 18, 2024, the California Attorney General and Los Angeles City Attorney filed a complaint and stipulated final judgment (including a $500,000 settlement) with Tilting Point Media LLC (“Defendant” or “Tilting Point”), resolving allegations that the video game developer…

Apple introduces “Privacy Manifests” for new and updated apps
Apple recently announced that beginning in spring 2024, developers of certain SDKs and apps that use those SDKs will be required to include a “Privacy Manifest,” which lists all tracking domains used in the relevant SDK or app. To determine…

Testing the tricky apps for privacy and data protection
Dealing with cert pinning and root detection
The privacy area has been white-hot lately, including litigation and investigations involving VPPA; Wiretap/Pen Register/Trap and Trace; and Opt Out Compliance. Furthermore, with the HHS updates on tracking in the HIPAA context, and…