October 2025

This Client Alert is a monthly update on privacy and cybersecurity developments as posted on our Privacy & Information Security Law Blog. If you would like to receive email alerts when new posts are published, please visit our blog and enter your email address in the subscribe field.

• California Introduces New Age Verification Requirements for Software Applications
• Personal Information Protection Certification – One Data Export Mechanism in China
• UK Government Unveils New AI Sandbox to Accelerate AI Innovation
• EDPB Adopts Opinions on EU-UK Adequacy Decisions
• California Expands Data Broker Registration Requirements
• UK Government Urges Leading Businesses to Strengthen Cyber Security Measures
• OCR Reaches HIPAA Settlement with Cadia Healthcare Facilities Over Alleged HIPAA Privacy and Breach Notification
• Citizens Disability to Pay $1 Million Penalty to the FTC over Telemarketing Calls
• HHS OCR and ASTP Release Updated Security Risk Assessment Tool and User Guide
• California Strengthens Privacy Protections for Health and Location Data
• California Enacts First-In-Nation Law Requiring Web Browser Opt-Out Preference Signal
• California Governor Newsom Signs Groundbreaking AI Legislation into Law
• California's New Delete Request Tool Impacts Data Brokers and Residents.
• Tractor Supply Company to Pay $1.35 Million Fine to CCPA
• European Commission Opens Consultation on AI Act Serious Incident Guidance
• China Issued Draft Rules for Identifying Online Service Providers Subject to the Regulations on the Protection of Minors Online
• Newly Approved CCPA Regulations Have Staggered Deadlines for Compliance