Regulatory Enforcement

California AG Announces $1.4 Million Settlement with Mobile App Provider for Alleged CCPA Violations

December 1, 2025 By Maki DePalo, David Keating and Hyun Jai Oh

On November 21, 2025, California Attorney General (AG) Rob Bonta announced a $1.4 million settlement with Jam City, Inc. (company), a mobile game app company, for alleged failures to enable in-app opt-outs from the sale and sharing of personal information across many of the company’s mobile apps as required by the California Consumer Privacy Act […]

Closing the Privacy Gap: HIPRA Targets Health Apps and Wearables

November 19, 2025 By Sara Pullen, Angela Burnette and Jennifer Pike

Move over HIPAA…the health privacy landscape may be in for a shakeup. On November 4, 2025, Senator Bill Cassidy, M.D. (R-LA) introduced the Health Information Privacy Reform Act (HIPRA), a bill aimed at closing a gap in health data protections. HIPAA has long governed the privacy of traditional medical records held by health care providers […]

Multistate Privacy Investigative Sweep Targeting Website Global Privacy Control (GPC) Noncompliance

September 10, 2025 By David Keating, Daniel Felz and Hyun Jai Oh

On September 9, 2025, the California Privacy Protection Agency (CPPA) announced a joint investigation sweep targeting businesses that may be failing to honor consumers’ opt-out requests submitted via Global Privacy Control (GPC) signals, in coordination with the Attorneys General of California, Colorado, and Connecticut. The CPPA’s announcement underscores a growing trend of multi-jurisdictional collaboration among […]

CPPA Board Votes to Adopt CCPA Regulations; Open DROP Rules to Public Comment

July 25, 2025 By Dorian Simmons

On July 24, 2025, the California Privacy Protection Agency (“CPPA”) Board voted to adopt draft regulations under the California Consumer Privacy Act (“CCPA”) concerning cybersecurity audits, risk assessments, automated decisionmaking technologies, and the CCPA’s application to insurance companies. The approved regulations also include certain updates to the existing CCPA regulations. The CPPA will now submit […]

SEC Withdraws Proposed Cyber-Related Rule Applicable to Broker-Dealers And Signals SolarWinds Settlement on the Horizon

July 18, 2025 By Cara Peterman, Kate Hanniford, Sierra Shear, Madeleine Juszynski Davidson and Kristen Bartolotta

The Securities and Exchange Commission (SEC) recently announced the withdrawal of several Biden-era regulations, including a proposed rule that would have required a broad range of platforms and financial intermediaries (such as broker-dealers, clearing agencies, national securities exchanges, and transfer agents) to adopt policies and procedures that address cybersecurity risks. The proposed rule also would […]