Privacy & Information Security Law Blog

The California Privacy Protection Agency Board will hold Board meetings on March 6 at 2 PM PT and March 7 at 9 AM PT addressing the creation of a data broker deletion request mechanism, pursuant to the CA Delete Act.

The Cyberspace Administration of China recently released requirements regarding data protection compliance audits, which will go into effect on May 1, 2025.

The People’s Bank of China recently released the Draft Administrative Measures for Reporting of Cybersecurity Incidents in the Operational Areas of PBOC for public comment.

NetChoice has filed a lawsuit challenging Maryland’s Age-Appropriate Design Code Act on constitutional grounds, arguing that the law’s requirements, including requirements to perform data protection impact assessments, inhibit free speech.

As part of the California Privacy Protection Agency’s investigative sweep of data broker registration compliance under California’s Delete Act, the CPPA recently announced an enforcement action against a Florida-based data broker and a settlement with a California-based data broker for failure to register as a data broker on the California Data Broker Registry, as required under the Delete Act.

On February 20, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a $1.5 million fine against Warby Parker for alleged violations of the HIPAA Security Rule.

Attorney General Ken Paxton announced an investigation into DeepSeek, a Chinese artificial intelligence company, regarding its privacy practices and compliance with Texas law.

On February 8, 2025, the Shanghai Cyberspace Administration and four other Shanghai government agencies released the Data Export Management List in the Free Trade Trial Zone and Lin Gang New Area, Administrative Measures on the Negative List, and the Implementation Guideline on the Negative List.

On February 7, 2025, the U.S. District Court for the Western District of Texas granted a preliminary injunction further blocking enforcement of Texas’ Securing Children Online through Parental Empowerment Act.

It has been nearly two decades since Illinois introduced the first biometric information privacy law in the country in 2008, the Illinois Biometric Information Privacy Act (“BIPA”). Since then, litigation relating to biometric information privacy laws has mushroomed, and the insurance industry has responded with increasingly broad exclusions for claims stemming from the litigation.