On January 28, 2026, California Attorney General (“AG”) Rob Bonta announced an investigative sweep targeting “surveillance pricing” practices among businesses in the retail, grocery, and hotel sectors. The investigation focuses on companies that use consumers’ personal information to set individualized prices. According to the AG’s press release, surveillance pricing practices could violate the California Consumer […]
Privacy & Cyber Regulatory Enforcement
European Commission Publishes Guidance For Companies Implementing the EU Cyber Resilience Act
On December 3, 2025, the European Commission published its first set of technical FAQs on the EU Cyber Resilience Act (‘CRA’). The CRA is an EU-wide law which lays down cybersecurity requirements for ‘products with digital elements’ (‘PDEs’), including IoT devices, hardware components, and certain software. It becomes fully applicable on December 11, 2027, with […]
DOJ Cybersecurity Enforcement Pace Shows No Signs of Slowing Down Going Into 2026
As 2025 drew to a close, the United States Department of Justice (DOJ) announced significant developments in cases relating to the allegedly deficient cybersecurity practices of two Department of Defense (DoD) contractors. These two cases suggest that the federal government will continue to make DFARS 7012 compliance for companies that process Controlled Unclassified Information (CUI) […]
Texas Court Blocks Smart TV Data Collection
A Texas state court has issued a temporary restraining order (“TRO”) blocking Hisense, a major Chinese smart TV manufacturer, from collecting data on the content viewers watch via Automatic Content Recognition (“ACR”) technology. Background: The TRO follows lawsuits that Texas Attorney General (“AG”) Ken Paxton filed on December 15, 2025, against Hisense and four other […]
NYDFS Releases New Prescriptive FAQs on MFA
The New York Department of Financial Services (NYDFS) has released a new set of Frequently Asked Questions (FAQs 18–23) under 23 NYCRR Part 500, reinforcing its position that multifactor authentication (MFA) remains a critical component of a covered entity’s cybersecurity program. These FAQs provide highly prescriptive guidance, including clarifications on technical requirements for the “possession” […]