Hunton Retail Law Resource

In today’s digital world, data breaches due to vendor failures are becoming increasingly common, often resulting in costly fallout. While insurance can provide a safety net, the interaction between cyber insurance and vendor contracts is crucial for effective recovery and risk management. Vendor contracts should not be treated as mere formalities but as vital frameworks that contain specific, detailed provisions regarding data security obligations to ensure accountability and minimize vulnerabilities.

Last week, the Office of Federal Procurement Policy (OFPP) and the Federal Acquisition Regulatory Council (FAR Council) released three new proposed deviations in their overhaul of the Federal Acquisition Regulation (FAR).

We recently wrote about the Trump administration’s efforts to streamline the Federal Acquisition Regulation (“FAR”).  The FAR contains approximately 2,000 pages of regulations that guide hundreds of billions of dollars in acquisitions each year.

The Texas legislature recently passed SB 840, which now heads to Governor Abbott’s desk for signature.

A Delaware court recently held in Mattel, Inc. and Fisher Price, Inc. v. XL Insurance America, Inc., et al., that a series of product liability claims dating back to 2013 constituted a single “occurrence” under the toy manufacturer’s and distributor’s commercial general liability (CGL) policies.

In December of last year we posted on Hunton’s Retail Law Resource Blog about the changing of the guard at the Securities and Exchange Commission (“SEC”) with the new administration.

On May 5, 2025, an Administrative Law Judge (“ALJ”) for the National Labor Relations Board (“NLRB” or the “Board”) ruled that retailer Costco Wholesale Corp. (“Costco”) violated the National Labor Relations Act (“NLRA” or the “Act”) when it asked employees involved in an internal investigation regarding sexual harassment allegations to sign a confidentiality agreement prohibiting them from discussing details concerning the investigation. The ALJ’s decision highlights considerations employers ought to take into account when balancing their interests in maintaining the integrity of internal investigations and complying with the NLRA.

On May 6, 2025, the California Privacy Protection Agency announced that it had issued an order requiring clothing retailer Todd Snyder, Inc. to change its business practices and pay a $345,178 fine to resolve alleged violations of the California Consumer Privacy Act.

Over the course of the last few years, applications to convert existing retail buildings into residential use have surged throughout the country.

Democratic State Senator Anna M. Caballero introduced Senate Bill 690 (S.B. 690), which aims to curb “abusive lawsuits” under the California Invasion of Privacy Act based on the use of cookies and other online technologies, on February 24, 2025, and the Bill is now scheduled to be heard by the Senate Public Safety Committee on April 29, 2025.