Privacy & Cyber Regulatory Enforcement

CPPA Holds Preliminary Stakeholder Session on Accessible Deletion Mechanism under Delete Act

July 24, 2024 By John Lesko

On June 26, 2024, the California Privacy Protection Agency (the “CPPA”) held a stakeholder session to provide information and gather stakeholder input on the CPPA’s mandate to build an accessible deletion mechanism known as the Delete Request and Opt-Out Platform (“DROP”) as required by the California Delete Act. DROP will allow consumers to request the […]

CPPA Board Declines to Advance CCPA Regulations to Formal Rulemaking; CPPA Highlights Enforcement Priorities

July 19, 2024 By Dorian Simmons

On July 16, 2024, the California Privacy Protection Agency (the “CPPA”) board declined to advance to formal rulemaking California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automated decisionmaking technology, insurance companies and updates to existing regulations. The CPPA board voted against advancing the regulations during its board meeting when it also […]

California AG Announces $500,000 Settlement with Mobile Game App Company for Unlawful Collection and Sharing of Children’s Data

July 15, 2024 By Maki DePalo, Jennifer Everett, Dorian Simmons and Hyun Jai Oh

On June 18, 2024, California Attorney General (“AG”) Rob Bonta and Los Angeles City Attorney Hydee Feldstein Soto announced a settlement with a video game developer and publisher regarding allegations that the company violated the California Consumer Privacy Act (the “CCPA”), the federal Children’s Online Privacy Protection Act (“COPPA”) and California’s Unfair Competition Law (the […]

What to Tell Your C-Suite About the EU AI Act

July 15, 2024 By Wim Nauwelaerts and Paul Greaves

On July 12, 2024, the European Union’s long-awaited Artificial Intelligence Act (AI Act) was finally published. It will enter into force on the twentieth day following its publication; i.e., on August 1, 2024. The AI Act is a landmark legal framework that imposes obligations on both private and public sector actors that develop, import, distribute, […]

SEC Corporation Finance Provides Additional Guidance on the Disclosure of Material Cybersecurity Incidents in Form 8-K

July 10, 2024 By Seol Namgoong, Sierra Shear, Cara Peterman and Kim Peretti

On June 24, 2024, the Division of Corporation Finance (“Corp Fin”) of the Securities and Exchange Commission (“SEC”) issued five new Compliance and Disclosure Interpretations (“C&DIs”) related to the disclosure of “material” cybersecurity incidents in Item 1.05 of Form 8-Ks. The C&DIs present hypothetical fact patterns related to ransomware attacks and insurance reimbursement for damages […]