Companies that don't properly consider human rights risk "reputational harm, financial loss ... shareholder lawsuits, and dissatisfaction" from employees and customers, a group of nearly 50 investors said in endorsing New America's index (see 1804250022) from April. Investor Alliance for Human Rights members Boston Common Asset Management, Mercy Investment Services, NEI Investments and Robeco signed. The index recommends tech and telecom companies not wait for new laws to pass to improve data privacy policies. It suggests regular impact assessments to determine how products and services affect user expression and privacy, “effective grievance and remedy mechanisms” and comprehensive transparency reports on data collection.

Zix agreed to pay $275 million cash for the AppRiver cybersecurity firm, the email security provider announced Tuesday. The deal is expected to more than double Zix revenue and adjusted cash flow. True Wind Capital will invest $100 million once the takeover is complete, with some of the tech private equity firm's staff joining the Zix board (see the personals section of this publication). The deal is expected to close in Q1, a Zix spokesperson emailed us.

The National Institute of Standards and Technology should offer best practices (see 1812170032) so companies can demonstrate compliance with various national privacy “obligations,” Information Technology Industry Council commented Monday. Develop a road map with the framework, providing accessible language for “identifying, assessing, managing and communicating privacy risks,” ITI asked. The U.S. is at a “critical” moment for evaluating consumer privacy protections, said BSA|The Software Alliance Policy Director Shaundra Watson, and hopefully NIST’s effort leads to “a useful tool that will help companies strengthen their privacy practices.”

Marriott erred in taking nearly three months to alert customers about its data breach (see 1901040048), nearly 180 plaintiffs from 50 states, the District of Columbia, Puerto Rico and the Virgin Islands said in a lawsuit Wednesday. Plaintiffs have evidence of fraud allegedly linked to the breach, said Hausfeld's James Pizzirusso: It took Marriott four years to discover the breach on Sept. 8. The lawsuit is in U.S. District Court in Greenbelt, Maryland (docket 19-cv-00094). Monday, Marriott declined comment.

Congress should replace a patchwork of state and federal privacy laws with one “common set of protections,” the Information Technology & Innovation Foundation said Monday. That single federal data privacy law should pre-empt state laws and replace laws like the Health Insurance Portability and Accountability Act and Gramm-Leach-Bliley Act, said Vice President Daniel Castro and Senior Policy Analyst Alan McQuinn. They said the law should promote business and innovation, saying economies with strict privacy laws like the EU are falling behind: “Of the top 200 digital firms, only 8 are European.”

CTA fears “unilateral” export controls over emerging technologies “can seriously undercut U.S. technological leadership,” it told the Commerce Department’s Bureau of Industry and Security Thursday in docket BIS-2018-0024. CTA’s comments put it squarely in agreement with other tech groups that told BIS that overly strict export controls on new technology like artificial intelligence could harm tech innovation and bolster bad actors like China (see 1901100032). If the American tech industry is “locked out,” whether by “law or perception,” from pursuing “high growth markets” for “cutting-edge technologies,” U.S. companies “will lose the jobs and research investments that grow from our ability to compete for business in these fields,” said CTA. BIS should stick to the “principles” based in the 2018 Export Control Reform Act “as it considers whether or which technologies to propose for control,” it said. In deciding which emerging technologies should be targeted for controls, identify only those “not now controlled and that are essential to the national security” of the U.S., it said. It said any proposed controls should “be limited to addressing national security concerns, not trade policy issues.” CTA also urged the Trump administration to “give great weight to industry statements regarding how a proposed unilateral control would help or harm their U.S. business.” Don't "propose or impose new emerging technology controls unless it has fully considered the impact such controls would have on the U.S. economy,” CTA urged BIS. The Computer & Communications Industry Association suggested patented and patent-pending technology be excluded from export administration regulations. “A poorly executed export control regime can hinder innovation” and next-generation tech, CCIA said.

The California attorney general’s public forums to implement the state privacy law won’t be webcast, but the AG office plans to release “a transcript with comments,” a spokesperson said this week. The AG’s first forum on the 2018 law was Tuesday in San Francisco with five more planned this month and next across the state (see 1812200008).

Apple’s board is asking shareholders to reject a National Center for Public Policy Research proposal to disclose future board nominees’ “ideological perspectives,” along with their skills and experience, said a definitive proxy statement Tuesday at the SEC for Apple's March 1 annual meeting in Cupertino, California. The conservative think tank, which owns at least $2,000 worth of Apple stock, believes boards “that incorporate diverse perspectives can think more critically and oversee corporate managers more effectively,” said the proxy. There’s “ample evidence” that Apple, and the tech industry "generally," operate in "ideological hegemony that eschews conservative people, thoughts, and values,” it said. “This ideological echo chamber can result in groupthink that is the antithesis of diversity. This can be a major risk factor for shareholders.” Apple doesn’t “consider a nominee’s ideological perspectives to be relevant to the Board’s oversight role or the nominee’s ability to serve as an effective director," said the company in the proxy. Apple “considers a wide range of factors in assessing whether each nominee, and all nominees as a group, provides the background, experiences, and attributes necessary to effectively perform the Board’s oversight function,” it said.

A coalition focused on raising public awareness about automated vehicles and advanced driver assistance systems launched at CES Monday. Partners for Automated Vehicle Education (PAVE) is dedicated to educating drivers and policymakers on “the life-saving potential of these advancements,” said a release from member organization National Safety Council. The groups “believe in the promise of automated vehicle technology for enhanced mobility, improved sustainability and, above all, safety,” said NSC CEO Deborah Hersman. PAVE includes industry, nonprofit and academic members, among them AAA, CTA, Audi, Daimler, Toyota, the National Council on Aging, National Federation of the Blind and Waymo.

Sprint is launching a 5G 1.5-mile autonomous vehicle/technology test track in Peachtree Corners, Georgia, the telco announced Tuesday. Combined with Sprint Curiosity IoT and micropositioning, the Curiosity Lab will be built within a 500-acre tech park designed to test software for various transportation technologies.