The California Privacy Protection Agency (CPPA) issued a decision requiring Ford Motor Company to pay a fine of $375,703 and update its privacy practices following a settlement for its alleged violations of the California Consumer Privacy Act (CCPA). Under the CCPA, California residents have the right to direct a business to stop selling or sharing
compliance
CCPA 2026: What Companies Need to Know About California’s Revised Consumer Privacy Rule
By Kathryn Rattigan on
Posted in Data Privacy
The California Consumer Privacy Act (CCPA), as amended and effective January 1, 2026, brings the most detailed and sweeping changes since the law’s introduction. If you do business in California or handle Californians’ personal information, here’s what your company must know, and do, to avoid compliance risks.
Expanded Privacy Policy and Disclosure Requirements
The updated…
Lessons from the Sling TV CCPA Settlement: Why a Compliance Overhaul May Be Needed
By Kathryn Rattigan on
Posted in Enforcement + Litigation
The California Attorney General (CA AG) has again made waves in the privacy world, this time with a settlement requiring Sling TV to pay a $530,000 fine and make significant operational changes due to alleged violations of the California Consumer Privacy Act (CCPA) and Unfair Competition Law (UCL). This case signals an increase in CCPA…
CDPA Countdown: Hoosiers Get a Privacy Bill of Rights
By Roma Patel on
Posted in Data Privacy
Indiana’s new Consumer Data Protection Act (CDPA) takes effect on January 1, 2026. It follows other state consumer privacy laws by providing consumers with rights related to the collection and processing of their information. On November 25, 2025, Indiana’s Attorney General issued a Consumer Data Protection Bill of Rights as “a tool to educate Hoosiers…
AI at the Frontier: What California’s SB-53 Means for Large AI Model Developers
By Linn Foster Freedman & Roma Patel on
Posted in Artificial Intelligence
On September 29, 2025, Governor Gavin Newsom signed SB 53, the Transparency in Frontier Artificial Intelligence Act (“the Act”) into law, establishing a regulatory framework for developers of advanced artificial intelligence (AI) systems. The law imposes new transparency, reporting, and risk management requirements on entities developing high-capacity AI models. It is the first of its…
Texas AI Governance Law Signed by Governor
By Linn Foster Freedman on
Posted in Artificial Intelligence
On June 22, 2025, Texas Governor Greg Abbott signed the Texas Responsible AI Governance Act (TRAIGA) into law. Despite the ongoing debate in the U.S. Senate over the provision in the reconciliation bill that declares a moratorium on the ability of states to legislate artificial intelligence (AI), the signing of HB 149 is a…
50% of Professional Services Users Have Utilized AI Tools Not Authorized by Company
By Linn Foster Freedman on
Posted in Artificial Intelligence
A new survey from Intapp, titled “2025 Tech Perceptions Survey Report,” summarizes findings from a survey of fee-earners that there has been a “surge in AI usage.” The professions surveyed included accounting, consulting, finance, and legal sectors. Findings include that “AI usage among professionals has grown substantially, with 72% using AI at work versus…
Clock Ticking: DOJ’s New Data Security Rule Requires Compliance by July 8
By Kathryn Rattigan on
Posted in Enforcement + Litigation
U.S. companies are running out of time to comply with a sweeping new Department of Justice (DOJ) rule that limits sharing sensitive personal data with certain foreign countries—including China, Russia, and Iran. With a hard compliance deadline of July 8, 2025, businesses must act quickly to avoid steep civil or criminal penalties.
The rule…
Todd Snyder Fined for Technical CCPA Violations
By Kathryn Rattigan on
Posted in Data Privacy
The California Consumer Privacy Protection Agency (CPPA) Board issued a stipulated final order against Todd Snyder, Inc., a clothing retailer based in New York, requiring the company to pay a $345,178 fine and update its privacy program to settle allegations that it violated the California Consumer Privacy Act (CCPA). Specifically, Todd Snyder must update its methods…
PIH Health Settles HIPAA Violations for $600,000
By Linn Foster Freedman on
Posted in HIPAA and Health Information
PIH Health, a health care entity located in California, suffered a data breach in June 2019 when 45 employee email accounts were compromised in a targeted phishing campaign. The accounts contained the protected health information (PHI) of 189,763 individuals, including their names, social security numbers, driver’s license numbers, diagnoses, lab tests, medications, treatment, claims, and…