Privacy & Information Security Law Blog

On March 7, 2025, the New York Attorney General announced a $650,000 settlement with Saturn Technologies Inc., the developer of a student social networking app, for alleged privacy violations.

On March 12, 2025, the California Privacy Protection Agency announced that it reached a settlement with American Honda Motor Co. in which Honda will pay a $632,500 fine to resolve claims that the company violated the CCPA.

After six months of enforcement of Oregon’s Consumer Privacy Act, a new report from the Oregon Attorney General indicates strong consumer engagement with the law’s privacy rights, notable business compliance efforts and key areas where businesses are falling short.

On March 6, 2025, the U.S. Department of Health and Human Services Office for Civil Rights announced a $200,000 civil monetary penalty against Oregon Health & Science University for allegedly violating the HIPAA Privacy Rule’s right of access.

On February 27, 2027, in Chabolla v. ClassPass Inc., the U.S. Court of Appeals for the Ninth Circuit, in a split 2-1 decision, held that website users were not bound by the terms of a “sign-in wrap” agreement.

The Attorney General of Arkansas filed a lawsuit against General Motors and its subsidiary, OnStar, alleging deceptive trade practices related to the collection and sale of drivers’ data.

On March 10, 2025, the Attorney General of New York filed a lawsuit against several insurance companies doing business as Allstate Insurance Company and National General for alleged violations of New York’s breach notification law, general business laws and consumer protection laws. 

On February 20, 2025, the U.S. District Court for the Northern District of Georgia granted a motion for class certification in a class action alleging that WebMD violated the federal Video Privacy Protection Act by disclosing certain user data to Facebook without the users’ consent. 

On March 5, 2025, the European Data Protection Board announced the launch of its latest Coordinated Enforcement Framework action addressing the right to erasure.

Last month, SEC Commissioner Hester Peirce, chair of the Crypto Task Force, laid out a broad agenda for the SEC’s approach to cryptocurrency over the next four years.