Privacy & Cybersecurity Law Blog

CalPrivacy Issues $1.1 Million Fine for CCPA Violations Involving Student Privacy

Wed, 11 Mar 2026 09:00:01 -0400

On March 3, 2026, the CalPrivacy announced its first enforcement action involving student privacy, requiring PlayOn Sports to pay a $1.10 million fine for alleged violations of the CCPA’s opt-out rights and requirements.

Continue Reading ›

HHS Final Rule on 42 CFR Part 2 Requires Targeted Updates to HIPAA Privacy Notices

Tue, 10 Mar 2026 09:00:02 -0400

Recent changes to 42 CFR Part 2 mean many covered entities must update their HIPAA Notices of Privacy Practices by February 16, 2026.

Continue Reading ›

Alabama Enacts App Store Accountability Act Requiring Age Verification

Mon, 09 Mar 2026 09:00:03 -0400

On February 5, 2026, Alabama Governor Kay Ivey signed Alabama House Bill 161, the App Store Accountability Act, establishing age categorization, age verification and parental consent requirements for mobile application marketplace providers operating in Alabama, effective January 2027.

Continue Reading ›

CalPrivacy Reaches Settlement with Ford Motor Company Over CCPA Opt-Out Right Violations

Mon, 09 Mar 2026 09:00:04 -0400

On March 5, 2026, the California Privacy Protection Agency announced that the agency had reached a settlement with Ford Motor Company resolving an enforcement action against the company that alleged noncompliance with the California Consumer Privacy Act’s opt-out of sale/sharing rights.

Continue Reading ›

European Commission Seeks Feedback on Draft Cyber Resilience Act Guidelines

Fri, 06 Mar 2026 09:00:05 -0500

On March 3, 2026, the European Commission published draft guidelines intended to clarify the application of the Cyber Resilience Act and opened a public consultation to gather feedback from stakeholders.

Continue Reading ›

UK ICO Launches Consultation on New Guidance on Research, Archiving and Statistics Provisions

Fri, 06 Mar 2026 09:00:06 -0500

On February 27, 2026, the UK ICO announced a public consultation on proposed updates to its guidance concerning research, archiving and statistics to reflect the changes introduced by the Data (Use and Access) Act 2025.

Continue Reading ›

HHS OCR Settles HIPAA Security Rule Investigation with Top of the World Ranch Treatment Center for $103,000

Mon, 02 Mar 2026 09:00:07 -0500

On February 19, 2026, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a $103,000 settlement with Top of the World Ranch Treatment Center, an Illinois substance use disorder treatment provider, to resolve alleged noncompliance with the HIPAA Security Rule’s risk analysis requirement.

Continue Reading ›

FTC Issues COPPA Policy Statement Encouraging Adoption of Age-Verification Technologies

Thu, 26 Feb 2026 09:00:08 -0500

The Federal Trade Commission has issued a new Policy Statement encouraging the adoption of robust age‑verification technologies by pledging not to bring enforcement actions under the COPPA Rule against operators of general‑ or mixed‑audience sites that collect, use or disclose personal information solely to determine users’ ages, so long as long as they follow strict safeguards.

Continue Reading ›

UK ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Privacy

Thu, 26 Feb 2026 09:00:09 -0500

On February 24, 2026, the UK ICO announced that it had fined Reddit, Inc. £14.47 million following an investigation into the company’s handling of children’s personal information.

Continue Reading ›

OECD Publishes Due Diligence Guidance for Responsible AI

Tue, 24 Feb 2026 09:00:10 -0500

On February 19, 2026, the Organisation for Economic Co-operation and Development published new guidance on the implementation of its Guidelines for Multinational Enterprises and AI Principles.

Continue Reading ›