Greetings from Portsmouth, NH! 

We are back in the office, and while that may look a little differently than it did two years ago, it is good to chat with colleagues in person again. 

In case you missed it, the IAPP has boots on the ground in Washington, D.C., with our new Managing Director, Cobun Zweifel-Keegan, CIPP/US, CIPM, leading the charge. Zweifel-Keegan has launched a new weekly series, "Heard around D.C." that will run Fridays beginning March 25. In the meantime, you can catch a sneak peek at his latest observations on privacy happenings around D.C. here.

In a notable enforcement action this week, the U.S. Federal Trade Commission fined customized merchandise platform CafePress $500,000 for allegedly covering up a 2019 data breach. Zweifel-Keegan breaks down the enforcement action in a piece for The Privacy Advisor. Just one day after the enforcement was proposed, BankInfoSecurity reported the former owner of CafePress, Respondent Residual Pumpkin Entity, agreed to pay the settlement. We'll have additional reporting on the settlement in the upcoming issue of The Privacy Advisor. 

In other FTC-related news, Insider reported the agency is investigating Amazon over its potential use of "dark patterns" in its promotions for Prime services. The reported investigation stems from Amazon customer complaints alleging they were "tricked into signing up for the Prime membership for years." While the FTC has not given an update, FTC Chair Lina Khan tweeted in January that language on signing up or canceling services should be clear. "If you click to subscribe, you should be able to click to cancel. FTC has made clear that to comply with the law, businesses must ensure sign-ups are clear, consensual, and easy to cancel."

While we wait for a federal privacy law, states continue to ramp up, or in some cases ramp down, privacy legislation of their own. This week Indiana and Connecticut advanced their prospective laws, and Tennessee did not. For a brief moment it looked like Iowa House File 2506 was going to receive Senate Judiciary Committee consideration after the House resoundingly voted to move it forward earlier this week. However, as of press time, it didn't make it on the Senate's agenda before today's reporting deadline. IAPP Staff Writer Joe Duball reminded us this is not the first time a Virginia/Utah "copycat stalled after passing one chamber." 

Speaking of Utah, the Utah Consumer Privacy Bill reached the desk of Governor Spencer Cox, R-Utah, March 15. He has 20 days to sign, veto or simply allow the bill into law without signature. The countdown is on and we will keep you updated. And, as always, you can stay up-to-date with the IAPP State Privacy Legislation Tracker.

Finally, we are less than a month out from the IAPP Global Privacy Summit 2022 in Washington, D.C. It's safe to say we're excited for our first in-person Summit in two years. If you're going, keep an eye out for the editorial staff, and don't hesitate to say hello.