CalPrivacy recently resolved allegations of California Consumer Privacy Act (CCPA) noncompliance against a high school event ticketing provider. The agency showed its aggressive side by pursuing enforcement even though the...more
3/10/2026
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Consumer Privacy Rights ,
Cookie Banners ,
Cookies ,
Data Privacy ,
Data-Sharing ,
Disclosure Requirements ,
Enforcement Actions ,
Opt-Outs ,
Risk Assessment ,
State Privacy Laws ,
Web Tracking
Without fail, each new year brings regulatory shifts and plaintiffs’-bar activity that push data, privacy, and cybersecurity in unexpected directions. As we look ahead to 2026, our Data, Privacy, and Cybersecurity Group is...more
12/16/2025
/ Artificial Intelligence ,
Audits ,
California Consumer Privacy Act (CCPA) ,
Cookies ,
COPPA ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Privacy ,
Data Transfers ,
Enforcement Actions ,
Innovative Technology ,
Machine Learning ,
Online Safety for Children ,
Regulatory Requirements ,
State Privacy Laws
The California attorney general (CA AG) recently announced a settlement with Sling TV for alleged violations of the California Consumer Privacy Act (CCPA) and Unfair Competition Law (UCL). Sling TV is required to pay a...more
11/25/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cookies ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Minors ,
Opt-Outs ,
Settlement ,
State Attorneys General ,
State Privacy Laws ,
Unfair Competition ,
Unfair Competition Law (UCL)
Companies in 2025 face significant and increasing litigation and enforcement risks when leveraging cookies and digital tracking technologies to support business needs and monetize data. Companies also continue to face...more
10/27/2025
/ Audits ,
Consent ,
Continuing Legal Education ,
Cookies ,
Data Management ,
Enforcement Actions ,
Information Governance ,
Intellectual Property Protection ,
Regulatory Requirements ,
Terms of Use ,
Web Tracking ,
Webinars ,
Website Accessibility ,
Websites
The California Privacy Protection Agency (CPPA) announced its latest enforcement action on September 30, 2025. The CPPA alleged that Tractor Supply Company violated multiple requirements of the California Consumer Privacy Act...more
10/3/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Contract Terms ,
Cookies ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Privacy Laws ,
Regulatory Oversight ,
State Privacy Laws
The California attorney general’s (AG) July 1, 2025, proposed settlement with Healthline Media LLC (Healthline) marks the third cookie-related California Consumer Privacy Act (CCPA) settlement in as many months (alongside the...more
On March 7, 2025, the California Privacy Protection Agency (CPPA) issued a settlement order imposing a $632,500 fine on American Honda Motor Co., Inc. for violations of the California Consumer Privacy Act (CCPA). The CPPA...more
3/17/2025
/ Automotive Industry ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Honda ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements ,
Settlement
On January 13, 2025, California Attorney General (AG) Rob Bonta issued two legal advisories: one for businesses generally (General Advisory) and one specific to healthcare entities (Health Advisory). These advisories identify...more
2/6/2025
/ Artificial Intelligence ,
California ,
Civil Rights Act ,
Compliance ,
Consumer Protection Laws ,
Data Privacy ,
Data Protection ,
Health Care Providers ,
Healthcare ,
Privacy Laws ,
State Attorneys General ,
Technology Sector ,
Unfair Competition
Following our recent client alert, learn more about enforcement targeting website tracking technologies and the impact on organizations in 2025. Elliot Golding and David Saunders share further insights from working with...more
1/27/2025
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Cookies ,
Data Collection ,
Data Privacy ,
Popular ,
Privacy Acts ,
Privacy Laws ,
Risk Management ,
State Privacy Laws ,
Web Tracking ,
Websites
On September 13, 2024, the Colorado Attorney General’s (AG) Office published proposed draft amendments to the Colorado Privacy Act (CPA) Rules. The proposals include new requirements related to biometric collection and use...more
On July 15, 2024, the Office of the New York State Attorney General (OAG) published website privacy control guidance focused on cookies and other tracking technologies. The guidance identifies common deficiencies and...more
8/15/2024
/ Cookies ,
Corporate Counsel ,
Enforcement Actions ,
New Guidance ,
New York ,
Privacy Policy ,
State Attorneys General ,
State Privacy Laws ,
Technology ,
Tracking Systems ,
Web Tracking ,
Websites
On April 7, 2024, Rep. Cathy McMorris Rodgers (R-WA), the chair of the US House Committee on Energy and Commerce, and Sen. Maria Cantwell (D-WA), the chair of the US Senate Committee on Commerce, Science, and Transportation,...more
4/18/2024
/ Covered Entities ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
New Legislation ,
Preemption ,
Privacy Acts ,
Privacy Laws ,
Privacy Policy ,
State and Local Government ,
State Privacy Laws ,
U.S. House
On March 18, 2024, the US Department of Health and Human Services Office for Civil Rights (OCR) issued an update to its December 1, 2022, bulletin titled “Use of Online Tracking Technologies by HIPAA Covered Entities and...more
3/22/2024
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Enforcement Priorities ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Tracking Systems ,
Web Tracking ,
Websites
New state privacy laws regulating health data impose significant obligations and heightened risks. In addition to existing laws in California, Colorado and other states, Washington State’s My Health My Data Act and Nevada’s...more
3/4/2024
/ Benchmarking ,
Consumer Privacy Rights ,
Continuing Legal Education ,
Cookies ,
Data Privacy ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Information Technologies ,
New Legislation ,
PHI ,
State Privacy Laws ,
Tracking Systems ,
Webinars
CALIFORNIA -
On March 29, 2024, the amended California Consumer Privacy Act (CCPA) regulations will take effect. These regulations were originally slated to take effect in 2023, but a court ruling (that is being appealed)...more
1/11/2024
/ California ,
Colorado ,
Connecticut ,
Cybersecurity ,
Data Privacy ,
Data Protection Acts ,
Data Security ,
Florida ,
Montana ,
Oregon ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Reform ,
State and Local Government ,
State Privacy Laws ,
Texas ,
Virginia ,
Washington
Substantial changes to the California Consumer Privacy Act (CCPA) are coming soon through five sets of proposed regulations governing (1) cybersecurity audits, (2) privacy risk assessments, (3) artificial...more
On November 1, 2023, the New York Department of Financial Services (NYDFS) amended Part 500, the cybersecurity regulation. These updates follow numerous NYDFS enforcement actions and other new cybersecurity rules, such as the...more
On August 28, 2023, the California Privacy Protection Agency (CPPA) released discussion drafts of regulations on cybersecurity audits and privacy risk assessments in advance of the CPPA’s meeting on September 8,...more
9/5/2023
/ Audits ,
California ,
California Privacy Protection Agency (CPPA) ,
Corporate Governance ,
Cybersecurity ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Regulatory Agenda ,
Risk Assessment ,
Risk Management ,
State Privacy Laws
Data governance is a mission-critical issue for every company and institution in the United States.
GCs face a host of pressing cybersecurity concerns. Triaging them requires time, attention, and a well-rounded strategy...more
8/18/2023
/ Cookies ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Healthcare ,
Legislative Agendas ,
Mobile Apps ,
New Legislation ,
New Rules ,
OCR ,
Personal Information ,
Regulatory Agenda ,
Risk Factors ,
Risk Management ,
State Privacy Laws ,
Technology Sector ,
Tracking Systems
Regulators in California and Colorado recently announced enforcement sweeps under new and newly updated state privacy laws. Companies in Colorado (including nonprofits) and California should double-check their privacy...more
At an Open Meeting on July 26, 2023, the US Securities and Exchange Commission (SEC) adopted final rules and amendments that impose new cybersecurity-related disclosure requirements for public companies subject to the...more
7/31/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Security ,
Disclosure Requirements ,
New Rules ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC)
On June 30, 2023, the California Superior Court hearing Cal. Chamber of Commerce v. Cal. Privacy Prot. Agency, No. 34-2023-80004106 (Cal. Sup. Ct.), delayed enforcement of the latest California Consumer Privacy Act (CCPA)...more
Join Elliot Golding, Daniel Gottlieb and Amy Pimentel for a deep dive into how the new state privacy laws impact the healthcare and financial services industries....more
6/9/2023
/ Banks ,
Continuing Legal Education ,
Data Privacy ,
Financial Institutions ,
Financial Services Industry ,
Health Care Providers ,
Personally Identifiable Information ,
PHI ,
Physicians ,
State Privacy Laws ,
Webinars
On July 1, 2023, two more state privacy laws will take effect. The new laws in Colorado and Connecticut will impose requirements that extend beyond the rules in California and Virginia that took effect earlier this year. July...more
5/15/2023
/ Best Practices ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Colorado ,
Connecticut ,
Consumer Privacy Rights ,
Continuing Legal Education ,
Data Privacy ,
New Legislation ,
Personally Identifiable Information ,
State Privacy Laws ,
Webinars
There has been a flurry of state privacy activity in the past week, with Colorado becoming the latest state to finalize sweeping data privacy rules and Iowa on the precipice of becoming the sixth state to enact comprehensive...more