The Cybersecurity Information Sharing Act of 2015 (“CISA 2015”), which provides liability protections and other safeguards for sharing certain cybersecurity information with the U.S. federal government and private entities, was reauthorized as part of the funding bill enacted on February 3, 2026. CISA 2015’s information‑sharing provisions, which had been scheduled to sunset on January 30, 2026, will now remain in effect through September 30, 2026.
Analese Bridges
Analese Bridges is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity and Advertising and Consumer Protection Practice Groups. She represents and advises clients on a range of cybersecurity, data privacy, and consumer protection issues, including cyber and data security incident response and preparedness, cross-border privacy law, government and internal investigations, and regulatory compliance.
FTC Sets Aside Rytr Final Order Pursuant to White House AI Action Plan
On December 22, the Federal Trade Commission (“FTC”) issued an order setting aside its 2024 final consent order against Rytr, LLC (“Rytr”) on the grounds that the facts alleged in the Rytr complaint did not violate Section 5. The Commission further found that the Rytr order did not provide any…
FTC Announces 10-Year Information Security Consent Orders with Illuminate Education and Illusory Systems
The Federal Trade Commission (FTC) recently announced that it agreed to proposed consent orders with two companies that experienced recent cybersecurity incidents, Illuminate Education (“Illuminate”) and Illusory Systems, which does business as Nomad (“Illusory”), to resolve allegations that both companies’ information security practices had violated Section 5 of the FTC…
Greystar’s $24 Million Settlement Signals FTC Crackdown on Hidden Rental Fee
On December 2, Greystar agreed to a $24 million settlement over allegations it misled renters by omitting mandatory fees from advertised monthly rents. This settlement underscores the FTC’s continuing scrutiny of “junk fees” and signals that the FTC may pursue rulemaking requiring greater transparency in rental fee advertising.
NYDFS Publishes Industry Guidance on Managing Cyber Risks Related to Third-Party Service Providers
On October 21, 2025, the New York State Department of Financial Services (“NYDFS”) issued an industry letter (the “Guidance”) highlighting the cybersecurity risks related to Covered Entities’ use of Third-Party Service Providers (“TPSPs”) and providing strategies to address these risks. The Guidance is addressed to all Covered Entities subject to NYDFS’s cybersecurity regulation codified at 23 NYCRR Part 500 (“Cybersecurity Regulation”), which requires Covered Entities to implement a comprehensive cybersecurity program that includes written policies addressing TPSP risks as well as due diligence, contractual requirements, and periodic assessments for TPSPs. While the Guidance is explicit that it “does not impose any new requirements” beyond those already included in the Cybersecurity Regulation, it provides significant additional detail to clarify how to comply with existing requirements and offers industry best practices to mitigate TPSP-related cyber risks. As the Guidance suggests that NYDFS will continue to focus on TPSP-related cyber risks, Covered Entities should consider reviewing their TPSP oversight and management against the specific recommendations from the Guidance and adjusting their practices where appropriate. Alongside a review of TPSP oversight and management, Covered Entities may also consider reviewing their implementation of the provisions of the Cybersecurity Regulation requiring multifactor authentication, asset management, and data retention, which take effect on November 1, 2025.
FTC Sues Live Nation and Ticketmaster for Deceptive Pricing Tactics
On September 17, 2025, the Federal Trade Commission (“FTC”) and seven states – Colorado, Florida, Illinois, Nebraska, Tennessee, Utah, and Virginia – sued Live Nation and Ticketmaster for violations of Section 5 of the FTC Act and the Better Online Ticket Sales Act (“BOTS Act”). Additionally, each state Attorney General alleges violation of various state consumer protection laws, including the Colorado Consumer Protection Act, Florida Deceptive and Unfair Trade Practices Act, Illinois Consumer Fraud and Deceptive Business Practices Act, Illinois Uniform Deceptive Trade Practices Act, Nebraska Uniform Deceptive Trade Practices Act, Tennessee Consumer Protection Act, and Utah Consumer Sales Practices Act.
FTC Sues LA Fitness Operators for Unfair Gym Cancellation Policies
On August 20, 2025, the Federal Trade Commission (“FTC”) sued Fitness International, LLC and Fitness & Sports Club LLC – the parent companies of LA Fitness and other gym chains – for violations of Section 5 of the FTC Act and the Restore Online Shoppers’ Confidence Act (“ROSCA”) in connection with alleged practices that make it difficult for their customers to cancel their gym memberships and other add-on services. The FTC seeks a court order prohibiting the allegedly unfair and unlawful conduct and restitution to consumers harmed by the difficulty in cancelling memberships.