On September 23, 2025, the California Privacy Protection Agency (“CPPA”) announced that the California Office of Administrative Law (“OAL”) had approved the new and amended California Consumer Privacy Act regulations that the CPPA delivered to OAL for approval following the CPPA’s July 24, 2025 Board meeting. This was the last step under California law to […]
Data Security
Chilean Regulator Launches Public Consultation on New Cybersecurity Law
On 16 September 2025, the Chilean Cybersecurity Agency (Agencia Nacional de Ciberseguridad, ‘ANCI’) launched a public consultation on its provisional list of companies that may be classified as ‘operators of vital importance’ (Operadores de Importancia Vital, ‘OVI’) under the recently enacted Chilean Cybersecurity Law (Ley Marco de Ciberseguridad No. 21.663, ‘LMC’). This list (available online […]
DOJ Settles Cyber Qui Tam Action Against Illumina for Allegedly Unsecured Genomic Sequencing Products
On July 31, 2025, the United States Department of Justice (DOJ) announced a $9.8 million settlement with Illumina, Inc. (Illumina) to resolve alleged False Claims Act (FCA) violations related to cybersecurity vulnerabilities and shortcomings in its genomic sequencing products. Of the total settlement, $1.9 million will be paid to the qui tam whistleblower who brought […]
CPPA Board Votes to Adopt CCPA Regulations; Open DROP Rules to Public Comment
On July 24, 2025, the California Privacy Protection Agency (“CPPA”) Board voted to adopt draft regulations under the California Consumer Privacy Act (“CCPA”) concerning cybersecurity audits, risk assessments, automated decisionmaking technologies, and the CCPA’s application to insurance companies. The approved regulations also include certain updates to the existing CCPA regulations. The CPPA will now submit […]
CPPA Board to Discuss Draft CCPA Regulations, DROP Requirements
The California Privacy Protection Agency (“CPPA”) Board will meet on Thursday, July 24 to discuss the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), the CCPA’s application to insurance companies, and updates to the existing CCPA regulations. Ahead of the meeting, the CPPA re-issued the draft regulations […]