Regulatory Enforcement

CalPrivacy Goes to the Board with Digital Advertising-Focused Enforcement

March 9, 2026 By Cynthia Cole, Dorian Simmons and Anna von Spakovsky

On February 27, 2026, the California Privacy Protection Agency (“CalPrivacy”) issued an order (the “Order”) requiring a sports-focused media and technology company (the “Company”) to pay a $1.10 million administrative fine for violations of the California Consumer Privacy Act (“CCPA”). The action continues California regulators’ scrutiny of how companies deploy cookies, software development kits and […]

CISA Revives CIRCIA Rulemaking

March 2, 2026 By Kim Peretti, Lance Taubin and Scott Hilsen

Almost two years after seeking stakeholder input about a final rule under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) announced that it will hold virtual town hall meetings for certain industry sectors in March and April 2026 to solicit additional input on the Notice […]

California Attorney General Announces Investigative Sweep into “Surveillance Pricing”

January 29, 2026 By Daniel Felz, Dorian Simmons and Christian Seremetis

On January 28, 2026, California Attorney General (“AG”) Rob Bonta announced an investigative sweep targeting “surveillance pricing” practices among businesses in the retail, grocery, and hotel sectors. The investigation focuses on companies that use consumers’ personal information to set individualized prices. According to the AG’s press release, surveillance pricing practices could violate the California Consumer […]

California AG Announces $1.4 Million Settlement with Mobile App Provider for Alleged CCPA Violations

December 1, 2025 By Maki DePalo, David Keating and Hyun Jai Oh

On November 21, 2025, California Attorney General (AG) Rob Bonta announced a $1.4 million settlement with Jam City, Inc. (company), a mobile game app company, for alleged failures to enable in-app opt-outs from the sale and sharing of personal information across many of the company’s mobile apps as required by the California Consumer Privacy Act […]

Closing the Privacy Gap: HIPRA Targets Health Apps and Wearables

November 19, 2025 By Sara Pullen, Angela Burnette and Jennifer Pike

Move over HIPAA…the health privacy landscape may be in for a shakeup. On November 4, 2025, Senator Bill Cassidy, M.D. (R-LA) introduced the Health Information Privacy Reform Act (HIPRA), a bill aimed at closing a gap in health data protections. HIPAA has long governed the privacy of traditional medical records held by health care providers […]