Privacy & Information Security Law Blog

A bill making its way through the California legislature (S.B. 361) would amend the California Delete Act to require data brokers to provide significantly more information in their registration applications with the California Privacy Protection Agency.

On September 3, 2025, the EU’s General Court issued its judgment in the Latombe v. Commission case. The applicant, a member of the French National Assembly, sought the annulment of the adequacy decision adopted by the European Commission with respect to the EU-U.S. Data Privacy Framework.

The Colorado Department of Law recently issued a Notice of Proposed Rulemaking with proposed draft amendments to the Colorado Privacy Act rules.

A recent decision by the U.S. Couple of Appeals for the Sixth Circuit granting the IRS access to certain EU personal data has created potential legal compliance implications for multinational organizations subject to the EU GDPR.

On August 27, 2025, the Federal Trade Commission announced that fees for telemarketers to access phone numbers listed on the National Do Not Call Registry will increase effective October 1, 2025.

On August 28, 2025, the UK Information Commissioner’s Office initiated a public consultation on draft guidance on Distributed Ledger Technologies, focusing on blockchain.

On August 13, 2025, the National Computer Virus Emergency Response Center of China announced that it had identified 70 mobile applications as being in violation of China’s Personal Information Protection Law. The findings highlight potential areas of regulatory enforcement.

On August 14, 2025, the New York Department of Financial Services announced a settlement with dental insurance management services provider, Healthplex, following an investigation conducted in the wake of a 2021 data breach that revealed alleged violations of the NYDFS Cybersecurity Regulation.

On August 13, 2025, New York Attorney General Letitia James announced the filing of a lawsuit against Zelle for its failure to adopt adequate account security and verification measures, leading to the theft of $1 billion from Zelle users.

On August 21, 2025, the UK Information Commissioner’s Office initiated public consultations to refine certain guidance following amendments to UK data protection law passed under the Data (Use and Access) Act 2025.