Data Protection

Chilean Regulator Launches Public Consultation on New Cybersecurity Law

September 18, 2025 By Alice Portnoy

On 16 September 2025, the Chilean Cybersecurity Agency (Agencia Nacional de Ciberseguridad, ‘ANCI’) launched a public consultation on its provisional list of companies that may be classified as ‘operators of vital importance’ (Operadores de Importancia Vital, ‘OVI’) under the recently enacted Chilean Cybersecurity Law (Ley Marco de Ciberseguridad No. 21.663, ‘LMC’). This list (available online […]

Texas Expands Data Broker Act Requirements

September 12, 2025 By Maki DePalo and Hyun Jai Oh

On September 1, 2025, the amendments to the Texas Data Broker Act (the Act) became effective. The Act, which originally came into effect on September 1, 2023, defines “data brokers” as business entities that derive their principal source of revenue from collecting, processing, or transferring personal data that they did not collect directly from consumers. […]

Multistate Privacy Investigative Sweep Targeting Website Global Privacy Control (GPC) Noncompliance

September 10, 2025 By David Keating, Daniel Felz and Hyun Jai Oh

On September 9, 2025, the California Privacy Protection Agency (CPPA) announced a joint investigation sweep targeting businesses that may be failing to honor consumers’ opt-out requests submitted via Global Privacy Control (GPC) signals, in coordination with the Attorneys General of California, Colorado, and Connecticut. The CPPA’s announcement underscores a growing trend of multi-jurisdictional collaboration among […]

CPPA Board to Discuss Draft CCPA Regulations, DROP Requirements

July 23, 2025 By Dorian Simmons

The California Privacy Protection Agency (“CPPA”) Board will meet on Thursday, July 24 to discuss the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), the CCPA’s application to insurance companies, and updates to the existing CCPA regulations. Ahead of the meeting, the CPPA re-issued the draft regulations […]

Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect Today

May 1, 2025 By Kim Peretti, Kate Hanniford, Scott Hilsen, Lance Taubin and Andrew Rice

Today, on May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take effect. Although the Second Amendment was originally adopted in November of 2023, NYDFS established a multi-year rollout of the Second Amendment’s requirements, […]