US Capitol building at dusk with lights illuminating the dome

Today's Headlines:

  • 24 days until Section 702 expires. House Republicans threaten to attach voter suppression bill. Senate leadership has no response. No vote scheduled.
  • Fargo police chief apologized for facial recognition wrongful arrest. Tennessee grandmother spent four months in jail. New policy issued.
  • Microsoft delays Teams room tracking to April. The feature can detect which specific room you're in via Wi-Fi.
  • TriZetto breach exposed 3.4 million patients. Attackers had access for nearly a year before detection.
  • IAPP Global Privacy Summit starts in 3 days. World's largest privacy gathering. Prince Harry keynotes.

Fargo Police Chief Apologizes After Facial Recognition Puts Grandmother in Jail for Four Months

Angela Lipps, a 50-year-old grandmother from Elizabethton, Tennessee, spent four months in a North Dakota jail because an AI system said she looked like a bank fraud suspect.[1]

Here's what happened: West Fargo detectives ran a photo from a fake ID through their facial recognition system. It returned Lipps as a potential match. That information went to Fargo detectives, who assumed (wrongly) that actual surveillance photos had also been matched. They hadn't. Nobody double-checked.

US Marshals arrested Lipps at her Tennessee home in July 2025. She sat in jail until late October, then was transported to Fargo. On Christmas Eve, prosecutors dismissed all charges after her attorney produced bank records proving she was in Tennessee when the crimes occurred.[2]

Fargo Police Chief Dave Zibolski issued a public apology this week and admitted errors in the investigation. He also issued a temporary directive requiring review of all facial recognition use. But here's the problem: he's refusing to close the case against Lipps entirely. Her attorneys, Eric Rice and Dane DeKrey, are preparing civil rights claims.[3]

This case should kill facial recognition use in law enforcement. It won't. But it's exactly the kind of wrongful arrest privacy advocates have warned about for years. AI flagged the wrong person. Cops didn't verify. A grandmother lost four months of her life.

Our investigation: Fargo facial recognition wrongful arrest

24 Days: Section 702 Countdown Gets Messier

April 20. Twenty-four days. Congress still has no plan, and now it's getting worse.[4]

Rep. Anna Paulina Luna (R-FL) announced she plans to attach the SAVE Act to FISA reauthorization. That's the voter suppression bill requiring documentary proof of citizenship to register. Senate Democrats won't vote for it. House progressives won't vote for it. This poison pill could tank the entire extension.[5]

Meanwhile, Senators Lee and Durbin's SAFE Act (the reform bill that would add warrant requirements for accessing Americans' communications) hasn't moved. The Fourth Amendment Is Not For Sale Act to close the data broker loophole? Stuck. The Government Surveillance Reform Act? Dead in committee.

The White House wants a clean 18-month extension with zero reforms. Privacy advocates want warrant requirements. Intelligence officials are panic-lobbying about losing surveillance capabilities. House Speaker Johnson can't build a coalition in any direction.

Here's what's at stake: If Section 702 sunsets, the NSA loses authority to collect communications between Americans and foreign targets without individual warrants. The FBI can't query that database for domestic investigations. The upstream collection infrastructure goes dark.[4]

Some privacy advocates call that outcome overdue. Intelligence officials call it catastrophic. Either way, 24 days and counting.

Our Section 702 explainer | Wyden-Lee reform bill analysis

Microsoft Delays Teams Room Tracking Feature, Again

Microsoft's controversial work location feature for Teams has been delayed to April 2026. That's the third postponement.[6]

When it finally rolls out, here's how it works: Connect to your company's Wi-Fi, and Teams automatically detects and broadcasts your work location to colleagues. Depending on your office's wireless infrastructure, it can identify the specific building, or even the specific room you're in.[7]

Microsoft insists this is "built for collaboration, not compliance." The feature will be disabled by default. Admins have to enable it. Employees have to opt in. Microsoft says it can't be used to track attendance.

Privacy researchers aren't buying it. One expert asked Fortune: "Do these companies ever put these ideas through a creepy assessment?"[6] And there's the pressure problem. An opt-in mechanism offers limited protection when managers can pressure employees to enable it. Even if Teams won't track attendance, it will reveal when someone is in the office, and when they're not.

The global bossware market hit $587 million in 2024 and is projected to reach $1.4 billion by 2031. Microsoft is positioning itself in that market, one "collaborative" feature at a time.

Our bossware deep-dive

TriZetto Breach: 3.4 Million Patients, Almost a Year of Access

Healthcare tech giant TriZetto (owned by Cognizant) confirmed that attackers stole protected health information from 3.4 million patients. The kicker: The breach started in November 2024. TriZetto didn't detect it until October 2025. Nearly a year of access.[8]

What got stolen: names, addresses, birth dates, Social Security numbers, health insurance numbers, Medicare beneficiary numbers, provider names, primary insured information, and other demographic and health data. Everything an identity thief needs, plus your medical history.

TriZetto provides revenue cycle management services to hospitals and healthcare providers across the country. Their web portal for insurance eligibility verification was the entry point. The company started notifying affected providers in December 2025, but patients are only now finding out.[9]

Multiple class-action lawsuits have already been filed against Cognizant and TriZetto, alleging they failed to protect data and delayed disclosure. TriZetto is offering credit monitoring, fraud consultation, and identity theft restoration to affected individuals.

This adds to an epidemic year for healthcare breaches. The 2026 tally so far exceeds 300 million affected individuals. Your medical records are worth more than credit cards on the dark web, and clearly less protected.

Related: Navia breach affects 2.7 million

IAPP Global Privacy Summit: 3 Days Out

The world's largest annual gathering of privacy professionals kicks off March 30 at the Walter E. Washington Convention Center in DC.[10]

What to watch: Prince Harry is keynoting on digital society. FTC Commissioner Mark Meador will preview 2026 enforcement priorities. AI governance dominates the agenda: the EU AI Act goes into full effect August 2, and everyone's scrambling.

The timing is pointed. IAPP Summit runs through April 2. Section 702 expires April 20. Expect privacy professionals to be talking about both in the hallways.

Our full IAPP preview

Breach Roundup: More Healthcare, More SSNs

Beyond TriZetto, the breach pipeline keeps flowing:

  • Navia Benefit Solutions: 2.7 million individuals notified that their sensitive information was exposed to attackers.[11]
  • Heritage Bank: March 1 breach saw files copied from internal server. Investigation ongoing.
  • Aura: The identity protection company (ironically) confirmed unauthorized access to 900,000 customer records. Names and emails exposed.
  • TELUS Digital: ShinyHunters ransomware group claims 1 petabyte of data including FBI background checks, voice recordings, and Salesforce data.[11]

The pattern: healthcare and financial services getting hit hardest. The attackers: increasingly organized ransomware operations. The response: the same press releases, the same credit monitoring offers, the same lack of accountability.

Bossware Update: 78% of Companies Now Tracking Employees

New data this week puts workplace surveillance adoption at record highs. According to recent studies, 78% of companies are tracking employees with monitoring software. A MIT study found 80% of companies monitoring remote or hybrid workers.[12]

What they're tracking: keystrokes, screenshots, webcam feeds, productivity scores, and AI-driven behavioral analysis. Modern platforms predict burnout, automate performance reporting, and flag "anomalies" in real time.

The impact: 59% of workers report that digital tracking damages workplace trust. Workers under continuous surveillance report feeling anxious and demoralized. The EU AI Act classifies workplace AI surveillance as "high-risk" starting August 2026. The CFPB is cracking down.[12]

Big Tech is leading by example, and not the good kind. Amazon and Meta have intensified employee tracking this year. Microsoft's room-level location detection fits the pattern.

Our bossware investigation

What to Watch

  • IAPP Global Privacy Summit (March 30 - April 2): Keynotes from Prince Harry and FTC Commissioner Mark Meador. AI governance and Section 702 will dominate hallway conversations.
  • Meta's Markey deadline (April 6): Senators Markey, Wyden, and Merkley demanded answers about facial recognition plans for Ray-Ban smart glasses. Ten days left.
  • Section 702 (April 20): 24 days. SAVE Act poison pill complicates everything.
  • Microsoft Teams room tracking (April): Third time's the charm? Watch for pushback when it actually ships.
  • Fargo FR case: Civil rights lawsuit expected. Could set precedent for facial recognition liability.

Sources

  1. MPR News - "Fargo police chief apologizes for mistakes in AI-aided arrest" (March 24, 2026)
  2. NewsChannel 9 - "Tennessee grandma mistakenly sent to North Dakota jail due to AI error"
  3. Biometric Update - "Fargo facial recognition saga sees police admit errors but refuse to close case"
  4. Brennan Center - Section 702 FISA 2026 Resource Page
  5. American Prospect - "Warrantless Spying Reform Just Got a Whole Lot More Interesting" (March 23, 2026)
  6. Fortune - "Microsoft Teams can now track what room you're in" (March 11, 2026)
  7. UC Today - "Microsoft Delays Controversial Teams' Work Location Tracking Feature"
  8. TechCrunch - "TriZetto confirms 3.4M people's health and personal data was stolen during breach" (March 6, 2026)
  9. HIPAA Journal - "Trizetto Data Breach: PHI of 3.4 Million Individuals Exposed"
  10. IAPP - Global Summit 2026
  11. PKWARE - "2026 Data Breaches: Cybersecurity Incidents"
  12. Carey & Associates - "Surveillance at Work: How Bossware Threatens Employee Rights in 2026"