China’s internet regulatory authority and top prosecutors have recently released a series of enforcement actions and cases, aimed at highlighting enforcement priorities in the data security realm over the last year. In 2025,...more
1/30/2026
/ China ,
Compliance ,
Cross-Border Transactions ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Enforcement Priorities ,
International Data Transfers ,
Personal Information ,
Personal Information Protection Act ,
Privacy Laws ,
Regulatory Oversight ,
Regulatory Requirements
Navigating the 2026 CCPA Updates -
As forecasted, effective January 1, 2026, businesses that are subject to the California Consumer Privacy Act (CCPA) must comply with newly-updated regulations. For some businesses,...more
Over the last few years, businesses, nonprofits, and other website operators have seen thousands of lawsuits and arbitrations filed under the California Invasion of Privacy Act (CIPA) alleging that the use of ubiquitous...more
1/13/2026
/ Adtech ,
California ,
California Consumer Privacy Act (CCPA) ,
CIPA ,
Consumer Privacy Rights ,
Cookies ,
Data Privacy ,
New Legislation ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Reform ,
Risk Mitigation ,
State Privacy Laws ,
Web Tracking
On December 19, 2025, New York Governor Kathy Hochul vetoed the New York Health Information Privacy Act (NY HIPA), a health data privacy bill that would have afforded consumer protections to non-HIPAA health data....more
A recent executive order (EO) launches the “Genesis Mission,” a national AI initiative the White House likens to the Manhattan Project in scale and ambition, aimed at unifying federal supercomputing, data, and research assets...more
12/15/2025
/ Artificial Intelligence ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Security ,
Department of Energy (DOE) ,
Executive Orders ,
Government Agencies ,
Innovation ,
Machine Learning ,
Research and Development ,
Risk Management
On October 13, 2025, California Governor Gavin Newsom vetoed S.B. 7, which would have required human oversight in certain types of employment decisions made solely by automated decision systems (“ADS”). If Gov. Newsom signed...more
The Regulatory and Enforcement Landscape. Colorado Attorney General Phil Weiser participated in a Fireside Chat with Greg Szewczyk, the Chair of Ballard Spahr’s Privacy and Data Security Group. They discussed significant...more
On September 23, 2025, the California Privacy Protection Agency (CPPA) announced the approval of final regulations under the California Consumer Privacy Act (CCPA) covering cybersecurity audits, risk assessments, and...more
10/15/2025
/ Audits ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Final Rules ,
New Regulations ,
Regulatory Requirements ,
Risk Assessment ,
State Privacy Laws
On September 30, 2025, the California Privacy Protection Agency (CPPA) issued a $1.35 million fine, the largest in the CPPA’s history, against Tractor Supply Company, the nation’s largest rural lifestyle retailer. The fine...more
10/15/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Employer Liability Issues ,
Enforcement Actions ,
Hiring & Firing ,
Job Applicants ,
Penalties ,
Personal Data ,
Retailers ,
State Privacy Laws ,
Statutory Violations
In a reminder that the FTC’s new enforcement priorities will likely drive additional litigation risks, days after the settlement was announced, Disney Worldwide Services and Disney Entertainment Operations, LLC (together,...more
9/10/2025
/ COPPA ,
Data Collection ,
Data Privacy ,
Department of Justice (DOJ) ,
Disney ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Internet Streaming ,
Minors ,
Online Safety for Children ,
Privacy Laws ,
Putative Class Actions ,
Settlement Agreements ,
Statutory Violations ,
YouTube
On June 11, 2025, Connecticut passed Senate Bill 01295 (SB 01295). If signed by the governor, SB 01295 will amend the existing Connecticut Data Privacy Act (CTDPA) in several important ways, with the amendments going into...more
6/19/2025
/ Connecticut ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Minors ,
New Amendments ,
Proposed Amendments ,
Regulatory Agenda ,
Sensitive Personal Information ,
Social Media ,
State Privacy Laws
On June 4, 2025, the Digital Advertising Alliance (“DAA”), the self-regulatory body that sets and enforces privacy standards for digital advertising, announced it is launching a process to determine if it is necessary to...more
This episode is part of our “Bridging Campuses: Legal Insights on Education Industry Consolidation” series, where we discuss trends in higher education consolidation and closures, and outline common characteristics of at-risk...more
On February 21, 2025, representatives in the California legislature introduced California Assembly Bill 1355, also known as the California Location Privacy Act (“AB 1355”). AB 1355 seeks to amend the California Consumer...more
3/13/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Enforcement ,
Location Data ,
Location Privacy ,
Prior Express Consent ,
Proposed Legislation ,
Regulatory Agenda ,
State Attorneys General ,
State Privacy Laws
On February 12, 2025, the House Energy and Commerce Committee Chair Brett Guthrie (R-Ky) and Vice Chair John Joyce (R-Pa) announced the formation of 12-member working group tasked with developing comprehensive data privacy...more
2/20/2025
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
Federal Data Privacy ,
Federal Trade Commission (FTC) ,
Legislative Agendas ,
Personal Data ,
Proposed Legislation ,
Regulatory Agenda ,
State Privacy Laws ,
Working Groups
On January 6, 2025, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) published a Notice of Proposed Rulemaking (“NPRM”) to amend the Health Insurance Portability and Accountability Act...more
1/14/2025
/ Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
NPRM ,
OCR ,
Patient Privacy Rights ,
Public Comment ,
Regulatory Agenda ,
Regulatory Reform ,
Risk Management
On December 5, 2024, the Colorado Department of Law adopted amended rules to the Colorado Privacy Act (CPA)....more
On November 7, 2024, Michigan lawmakers in the Senate introduced the Reproductive Data Privacy Act (“RDPA”), also known as Senate Bill 1082 (SB 1082). The bill aims to strengthen privacy protections for sensitive...more
On November 12, 2024, the Consumer Financial Protection Bureau (CFPB) released a report examining the carve outs and limitations contained in comprehensive state privacy laws relating to financial institutions. In an...more
11/21/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Open Banking ,
Personal Information ,
Regulatory Oversight ,
State Privacy Laws
On November 14, 2024, the California Privacy Protection Agency (“CPPA”), which is tasked with enforcing the California Consumer Privacy Act (the “CCPA”), announced it settled with two data brokers, Growbots, Inc. and UpLead...more
11/18/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Brokers ,
Data Management ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Information ,
Registration Requirement ,
Regulatory Requirements ,
Settlement ,
State Privacy Laws ,
Statutory Violations
On August 5, 2024, Illinois Governor J.B. Pritzker signed into law SB 2979, significantly amending the state’s Biometric Information Privacy Act (BIPA). This update represents a considerable decrease in the potential for...more
The State of Texas and Meta Platforms Inc. (“Meta”) have agreed to a $1.4 billion settlement, to be paid out over five years, to resolve claims relating to Meta’s alleged use of facial recognition technology without user...more
8/1/2024
/ Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Facial Recognition Technology ,
Personal Data ,
Personally Identifiable Information ,
Settlement
This episode is part of our Cyber Adviser series, where we discuss emerging issues in the world of privacy and data security.
Today, we’re joined by Paolo Sbuttoni, a partner at Foot Anstey with years of experience...more
Minnesota becomes the latest state to move to pass legislation regulating the processing and controlling of personal data (HF 4757 / SF 4782). If signed into law by Governor Tim Walz, the Minnesota Consumer Data Privacy Act,...more
In a regulatory filing, Reddit announced that the FTC is probing Reddit’s proposal to sell, license and share user-generated content with third parties to train artificial intelligence (AI) models. This move underscores the...more