CalPrivacy’s Data Broker Enforcement Strike Force: updates and enforcement actions
On November 26, 2025, CalPrivacy (previously the CPPA) issued a decision requiring ROR Partners LLC to pay $56,600 for failure to register as a data broker under California’s Delete Act. According to the decision, the company used “billions of data points” from over 262 million Americans to create consumer profiles and audience lists, which ROR’s […]
Overview: The EU General-Purpose AI Code of Practice
Why Do We Need a Code of Practice? On August 2, 2025, the general-purpose AI (GPAI) provisions of the EU AI Act went into effect. GPAI models (including models that support most generative AI, like ChatGPT), now face certain obligations in the EU, including requirements around transparency, copyright and systemic risk. However, the EU AI […]
CCPA Draft Regulations Sent for Final Approval
On July 24, 2025 the California Privacy Protection Agency (CCPA) board voted 5-0 to finalize Draft Regulations to the California Consumer Privacy Act (CCPA). The CPPA sent the rulemaking package to the Office of Administrative Law, which has 30 days to approve the regulations. The rulemaking process for these Draft Regulations began in 2022, and […]
AI Updates: An Overview of the Legal Landscape
As AI continues to advance, so do regulatory efforts. During the 2024 legislative session, 45 states along with Puerto Rico, the Virgin Islands, and Washington D.C. all introduced AI bills. With the legislative session for 2025 wrapping up, we are seeing similar tends this year. As new legal requirements emerge, organizations across the U.S. and […]
Overview of the Texas Responsible AI Governance Act
In June 2024, Texas Governor Abbott signed HB 149 for the Texas Responsible Artificial Intelligence Governance Act (TRAIGA, or the Act) into law, which will go into effect on January 1, 2026. With this law, Texas joins California, Colorado and Utah in implementing AI-specific state laws. While TRAIGA was originally provided a comprehensive AI framework, […]
Overview of New York’s Child Data Protection Act
In June 2024, New York Governor Kathy Hochul signed the New York Child Data Protection Act (Act) into law, which will go into effect on June 20, 2025. Per the Act’s justification, “[c]hildren now live much of their lives online,” including learning, socializing, shopping. They also “make mistakes online, and they discover who they are […]
DOJ Issues Final Rule on US Bulk Sensitive Data
The International Emergency Economic Powers Act (IEEPA) vests the President with authority to deal with extraordinary threats to national security and foreign policy that have their source in part or in whole outside of the United States. Acting pursuant to the IEEPA, President Biden issued Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal […]
Privacy Notice Requirements for California State Entities
In an era where data privacy concerns are top-of-mind, California has established a robust legal framework to protect personal information – not just for businesses, but for state entities, as well. The California Information Practices Act of 1977 (IPA) sets the foundation for state agencies handling data, while the California Public Records Act provides public access to […]
Data Collection Practices and CCPA Compliance: Key Takeaways from Honda’s CPPA Settlement
On March 12, 2025, the California Privacy Protection Agency (CPPA), one of the enforcement agencies for the California Consumer Privacy Act (CCPA), announced a settlement of over $630,000 with American Honda Motor Co. (Honda) for alleged privacy violations. This is the first time the CPPA has fined an automaker since the CPPA announced in July, […]
The Do’s and Don’ts of DSARs: A Practical Guide for Responding to Data Subject Access Requests
Handling data subject access requests (DSARs) isn’t as easy as ticking a compliance checkbox. It can be a test of an entity’s data organization, internal communication, and understanding of legal requirements. Between navigating jurisdictional nuances and meeting strict deadlines, the DSAR response process can quickly unravel without a clear plan. In this guide, we suggest […]