The Connecticut Office of the Attorney General (“OAG”) issued an updated Enforcement Report (“Enforcement Report”) under the Connecticut Data Privacy Act (“CTDPA”). The Enforcement Report discusses the OAG’s enforcement actions in 2025 and suggests some areas of focus from the regulator, summarized below.Continue Reading Connecticut Attorney General Releases 2025 CTDPA Enforcement Report
New Jersey Enacts Amendment to its Comprehensive Privacy Law
On his last day in office, January 20, 2026, former New Jersey Governor Phil Murphy signed an amendment to the New Jersey Data Privacy Act, A5017. The bill amends the state’s comprehensive privacy law to add new data- and entity-level exemptions and to expand the definition of de-identified data. The amendment took effect immediately.Continue Reading New Jersey Enacts Amendment to its Comprehensive Privacy Law
Several States Introduce New Genetic Privacy Bills in Early 2026
Following a trend from the past few years, several states have introduced bills related to genetic privacy in recent months. These bills have focused on a range of issues, including the privacy practices of direct-to-consumer (“DTC”) genetic testing companies, the national security implications of “foreign adversaries” accessing genetic information, and other topics related to genetic privacy and testing. We summarize a subset of such recently introduced bills below.Continue Reading Several States Introduce New Genetic Privacy Bills in Early 2026
CalPrivacy Announces $45,000 Fine Against Data Broker for Delete Act Violations
On January 8, 2026, the California Privacy Protection Agency (“CalPrivacy”) announced an enforcement action against Rickenbacher Data LLC (d/b/a “Datamasters”), an information reseller, for failing to register as a data broker under the California Delete Act. Datamasters agreed to pay a $45,000 administrative fine, among other remedial measures. In November, CalPrivacy launched a Data Broker Enforcement Strike Force within its enforcement division to investigate violations of the law in the data broker industry, which builds upon a 2024 investigative sweep into data broker compliance.Continue Reading CalPrivacy Announces $45,000 Fine Against Data Broker for Delete Act Violations
California AG Announces $1.4 Million Settlement with Mobile App Gaming Developer Over CCPA Violations
On November 21, 2025, California Attorney General Rob Bonta announced a $1.4 million settlement with Jam City, Inc. (“Jam City”), a mobile app gaming company, for alleged violations of the California Consumer Privacy Act (“CCPA”) and Unfair Competition Law (“UCL”). The Jam City settlement marks Attorney General Bonta’s sixth settlement obtained under the CCPA and reflects a continued focus on how businesses present opt-out rights mechanisms to California consumers, including minors.Continue Reading California AG Announces $1.4 Million Settlement with Mobile App Gaming Developer Over CCPA Violations
New York Governor Vetoes Restrictive Health Privacy Law
On December 19, 2025, New York Governor Kathy Hochul vetoed the New York Health Information Privacy Act (“NYHIPA”). While NYHIPA bore similarities to Washington’s My Health My Data Act (“MHMD”) and Nevada’s Health Privacy Law (“SB 370”), it had several provisions that would have raised novel compliance and legal questions.Continue Reading New York Governor Vetoes Restrictive Health Privacy Law
Third Circuit Affirms Dismissal of CIPA and CMIA Claims
Last week, the Third Circuit affirmed dismissal of a putative class action asserting that defendant Quest Diagnostics violated the California Invasion of Privacy Act (“CIPA”) and the Confidentiality of Medical Information Act (“CMIA”) by employing a website pixel to track and collect data about their website activity for advertising purposes.
Continue Reading Third Circuit Affirms Dismissal of CIPA and CMIA ClaimsU.S. Senate Introduces the Health Information Privacy Reform Act
On November 4, 2025, Senator Bill Cassidy (R-LA), chair of the Senate Health, Education, Labor, and Pensions (“HELP”) Committee, introduced the Health Information Privacy Reform Act (“HIPRA”). HIPRA seeks to extend protections similar to those provided under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (collectively, “HIPAA”) to certain health information collected by entities not currently regulated by HIPAA. HIPRA also proposes modifications and calls for guidance related to certain existing provisions of HIPAA as well as Part 2 (related to substance use disorder medical history).Continue Reading U.S. Senate Introduces the Health Information Privacy Reform Act
California Finalizes Updates to Existing CCPA Regulations
On September 23, 2025, the California Privacy Protection Agency announced that the state’s Office of Administrative Law approved regulations that update existing California Consumer Privacy Act (“CCPA”) regulations and introduce new regulations covering cybersecurity audits, risk assessments, and automated decision-making technology. The updates to the existing regulations—which take effect on January 1, 2026—expand business obligations under the CCPA and give consumers more control over their personal information. This blog post highlights key updates to the existing regulations. Continue Reading California Finalizes Updates to Existing CCPA Regulations
California Enacts New Privacy Laws
Recently, California Governor Gavin Newsom signed into law several privacy and related proposals, including new laws governing browser opt-out preference signals, social media account deletion, data brokers, reproductive and health services, age signals for app stores, social media “black box warning” labels for minors, and companion chatbots. This blog summarizes
Continue Reading California Enacts New Privacy Laws