Enforcement + Litigation

Subscribe to Enforcement + Litigation via RSS

On October 6, 2025, Bloomberg reported that the Securities and Exchange Commission (SEC) has launched an investigation into AppLovin Corporation’s data-collection practices, following an alleged whistleblower complaint and a series of short-seller reports. We previously covered the shareholder class action against AppLovin in another blog post. The company is a mobile advertising technology business that

Last week, we covered the Cybersecurity Maturity Model Certificate (CMMC) Procurement Rule (the Rule), which formalizes cybersecurity as a condition of doing business with the U.S. Department of Defense (DoD). The Rule requires federal contractors and subcontractors to demonstrate they meet the specified security standards before accessing Federal Contract Information (FCI) and Controlled Unclassified Information

Recently, the United States District Court in the Southern District of Texas granted summary judgment for the defendant hospital in Sweat v. Houston Methodist Hospital, No. 4:24-cv-00775 (S.D. Tex. 9/22/25). The court had previously dismissed the plaintiffs’ claim for invasion of privacy. The motion for summary judgment concentrated on the plaintiffs’ claims that

Green Diamond Resource Company, a forest management business, is seeking court approval to pay $695,000 to settle claims that it failed to adequately safeguard the personal information of about 28,000 consumers in a 2023 data breach. Gregorio v. Green Diamond Resource Co., No. 2:24-cv-00596 (W.D. Wash. 9/22/25).

The breach allegedly exposed a wide range of

In August 2024, The Department of Defense (DoD) released a proposed amendment to the Defense Acquisition Regulations Supplement (DFARS) – which provides acquisition policies and procedures for the DoD – that would require a Cybersecurity Maturity Model Certification (CMMC) program to become a required part of the DoD’s contracting process. The CMMC program is a

The Attorneys General of California, Connecticut, and Colorado, along with the California Privacy Protection Agency (“the Coalition”) announced on September 9, 2025, that they are banding together as a coalition on an investigative sweep of “potential noncompliance” with Global Privacy Control (GPC), that provides businesses with “an easy-to-use browser setting or extension that automatically signals

In August, the Office for Civil Rights (OCR) published guidance relating to individuals’ rights to access their protected health information (PHI) under HIPAA. As we covered in our earlier blog post about the August guidance, the new FAQs came amidst OCR’s continued enforcement focus on its Right of Access initiative, under which the OCR has

Disney has agreed to pay $10 million and change how it labels children’s videos on YouTube to settle claims by the Federal Trade Commission (FTC) that the company violated federal children’s privacy laws.

The settlement resolves allegations that Disney subsidiaries Disney Worldwide Services Inc. and Disney Entertainment Operations LLC failed to properly flag some of