A comprehensive bill strengthening data privacy protections for Oklahomans has been signed into law. Senate Bill 546 (the “Oklahoma Data Privacy Act” or the “Act”) will become effective January 1, 2027. The Act establishes...more
On March 3, 2026, the California Privacy Protection Agency (CPPA or "Agency") Board issued a decision requiring PlayOn Sports to pay a $1.10 million fine and change its practices following a settlement reached by the Agency's...more
3/12/2026
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cookies ,
Data Collection ,
Enforcement Actions ,
Fines ,
Information Technology ,
Internet ,
Minors ,
Opt-Outs ,
Personal Information ,
Risk Assessment ,
State Privacy Laws ,
Statutory Violations ,
Web Tracking
On February 5, 2026, Florida Attorney General James Uthmeier announced the creation of the Consumer Harm from International Nefarious Actors ("CHINA") Prevention Unit, a new enforcement section within the Office of the...more
3/2/2026
/ China ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Florida ,
Foreign Adversaries ,
International Data Transfers ,
Medical Devices ,
National Security ,
State Attorneys General ,
State Privacy Laws ,
Subpoenas
As organizations across the country adapt to an ever-changing digital environment, 2025 brought a wave of important updates in data privacy and cybersecurity at both the federal and state levels. New and amended state laws,...more
1/21/2026
/ COPPA ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
New Legislation ,
New Regulations ,
Popular ,
Privacy Laws ,
Regulatory Requirements ,
State Attorneys General ,
State Privacy Laws
The rapidly evolving patchwork of state data privacy laws has created increasing compliance obligations for businesses who operate in the United States. Currently, 20 states have enacted comprehensive data privacy laws in the...more
1/20/2026
/ Consumer Privacy Rights ,
Data Collection ,
Data Mapping ,
Data Privacy ,
Data Protection ,
Data Security ,
New Legislation ,
Personal Data ,
Personal Information ,
Privacy Policy ,
Regulatory Requirements ,
State Data Privacy Laws ,
State Privacy Laws
On October 30, 2025, following a 2024 investigative sweep, California Attorney General Rob Bonta ("Cal AG") announced a $530,000 settlement with a company providing streaming services (the "Company") for alleged violations of...more
11/12/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Minors ,
Opt-Outs ,
Settlement ,
State Attorneys General ,
State Data Privacy Laws ,
State Privacy Laws
In 2019, the US data privacy framework changed significantly with the emergence of the California Consumer Privacy Act which created a significant compliance burden for most businesses that collect personal information about...more
10/8/2025
/ Consumer Privacy Rights ,
Data Collection ,
Data Mapping ,
Data Privacy ,
Data Security ,
New Legislation ,
Opt-Outs ,
Personal Data ,
Personal Information ,
Privacy Policy ,
Regulatory Requirements ,
State Privacy Laws ,
Vendors
On September 30, 2025, the California Privacy Protection Agency (CPPA) announced a record $1.35 million settlement with Tractor Supply Company for violations of the California Consumer Privacy Act (CCPA). The settlement...more
On September 23, 2025, the California Office of Administrative Law (OAL) approved the final regulations proposed by the California Privacy Protection Agency (CPPA) on July 24, 2025 related to automated decision-making...more
The Department of Defense (DoD) has issued a Final Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to embed contractual requirements under the Cybersecurity Maturity Model Certification (CMMC)...more
On July 30, 2025, the U.S. Department of Justice (DOJ) announced that biotechnology company Illumina Inc. agreed to pay $9.8 million plus interest to resolve allegations of misrepresenting compliance with federal...more
8/6/2025
/ Biotechnology ,
Corporate Counsel ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Food and Drug Administration (FDA) ,
Medical Devices ,
NIST ,
Popular ,
Whistleblowers
California Attorney General Rob Bonta ("Cal AG") has announced a record $1.55 million settlement with Healthline Media LLC. (Healthline) for alleged violations of the California Consumer Privacy Act (CCPA). A California...more
The persistence and evolution of cybercrime across the US is reshaping M&A in the cybersecurity sector. Driven by escalating threats, increasing costs and liability to businesses, and a growing and more defined regulatory...more
6/25/2025
/ Acquisitions ,
China ,
Cyber Attacks ,
Cybersecurity ,
Government Agencies ,
Investment ,
Mergers ,
National Security ,
Private Equity ,
Ransomware ,
Regulatory Requirements
On April 22, 2025, the Federal Trade Commission (FTC) published its final amendments ("the Amendments") to the Children's Online Privacy Protection Act (COPPA) Rule in the Federal Register. The Amendments expand the...more
5/20/2025
/ Artificial Intelligence ,
Biometric Information ,
COPPA ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Final Rules ,
Parental Consent ,
Personal Information ,
Privacy Laws ,
Regulatory Requirements ,
Technology
On April 11, 2025, the Department of Justice (DOJ) issued guidance (Guidance) to assist individuals and entities in coming into compliance with its final rule, referred to as the "Data Security Program" (DSP Rule), which...more
Oregon Attorney General Dan Rayfield has released a report detailing implementation steps and enforcement actions taken during the first six months of the Oregon Consumer Privacy Act ("OCPA"), which entered into force in July...more
The Department of Justice (DOJ) issued a final rule (the "Rule") on December 27, 2024, implementing Executive Order 14117 "Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data...more
The Texas Attorney General has emerged as a significant regulatory enforcement authority for data privacy in the US. Traditionally, data privacy enforcement in the US has emanated from the Federal Trade Commission and other...more
2/4/2025
/ Compliance ,
Consent ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Personal Data ,
Popular ,
Privacy Laws ,
Privacy Notice Rule ,
State Privacy Laws
The momentum for change in US state privacy laws accelerated in 2024, driven by several significant developments, including efforts for a federal privacy law, state-level enforcement actions and the activation of four new...more
1/22/2025
/ Business Entities ,
Compliance ,
Consumer Privacy Rights ,
Corporate Counsel ,
Corporate Governance ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Privacy Laws
California Bills, Rulemaking, and Enforcement Update -
CPPA automated decision-making technology -
On November 22, 2024, the California Privacy Protection Agency (CPPA) opened the formal public comment period on its...more
1/21/2025
/ Algorithms ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
New York ,
Online Safety for Children ,
Privacy Laws ,
State Privacy Laws ,
Texas
On October 16, 2024, the New York State Department of Financial Services (the "DFS"), under its Cybersecurity Regulation—23 NYCRR Part 500—issued a memorandum providing guidance on the risks posed by artificial intelligence...more
11/26/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Enforcement ,
Financial Institutions ,
Financial Services Industry ,
NYDFS ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management ,
Technology Sector
The U.S. Securities and Exchange Commission's ("SEC") Division of Enforcement has recently brought a spate of enforcement actions relating to key topics for public companies. These include enforcement actions related to...more
On July 18, 2024, a New York federal judge dismissed most of the US Securities and Exchange Commission’s ("SEC") claims against SolarWinds Corp. ("SolarWinds" or the "Company") and its Chief Information Security Officer...more
In June 2024, California Attorney General Rob Bonta and Los Angeles City Attorney Hydee Feldstein Soto announced a $500,000 settlement1 with Tilting Point Media LLC (Tilting Point). After a joint investigation by the...more
Rhode Island became the latest state to enact comprehensive data privacy legislation, when the Rhode Island Data Transparency and Privacy Protection Act (the "Rhode Island Data Privacy Act") passed into law on June 28, 2024....more