On November 20, 2025, the Securities and Exchange Commission (SEC) dismissed its landmark enforcement action against SolarWinds Corp. and the company’s Chief Information Security Officer, Tim Brown. In 2023, the SEC’s enforcement action broke new ground as the first formal action by the Commission against a CISO and the first civil fraud action litigated by […]
Privacy & Cybersecurity Litigation
California Enacts Digital Age Verification Law
On October 13, 2025, California Governor Gavin Newsom signed Assembly Bill 1043, the Digital Age Assurance Act (Act), into law. Effective January 1, 2027, the Act introduces a device-based age verification system designed to create safer digital environments for children under 18. The Act underscores a trend of state laws that require age verification or […]
FTC Cracks Down on Messaging App Operator on Child Data Exploitation
On September 29, 2025, the Federal Trade Commission (FTC) announced a legal action against the operator of the anonymous messaging app Sendit and its CEO for violations of multiple consumer protection and privacy laws. The complaint, filed in the United States District Court for the Central District of California by the Department of Justice at […]
Unlocking the MIND Act: The Senate To Take on the Challenge of Neurotechnology
On September 24, 2025, Ranking Member Cantwell (D-Wash.), Leader Schumer (D-NY), and Senator Markey (D-Mass.) announced they will introduce the “Management of Individuals’ Neural Data Act of 2025” (“MIND Act”). If enacted, the MIND Act will direct the Federal Trade Commission (“FTC”) to conduct a comprehensive study and report on the collection, processing, storage, sale, […]
Suite Victory: Marriott Finally Checks Out of Court
On June 3, 2025, the U.S. Court of Appeals for the Fourth Circuit issued a pivotal ruling in longstanding litigation against Marriott International, Inc., arising out of a 2018 data breach involving its Starwood Preferred Guest Program. In reversing the lower court’s grant of class certification, the Fourth Circuit determined that the customers’ contractual agreements […]