Privacy & Information Security Law Blog

On December 3, 2025, the California Privacy Protection Agency announced that it fined ROR Partners LLC, a Nevada-based marketing firm, $56,600 for failing to register as a data broker under California’s Delete Act.

On December 1, 2025, the Federal Trade Commission announced a proposed settlement with Illuminate Education, Inc., an education technology provider, to resolve allegations that the company’s data security failures led to a data breach affecting the personal information of over 10 million students.

On October 30, 2025, California Attorney General Rob Bonta announced a settlement with television streaming companies Sling TV LLC and Dish Media Sales LLC to resolve allegations that the companies violated the California Consumer Privacy Act by failing to provide an easy way for consumers to opt out of the sale or sharing of their personal information, and failing to provide sufficient privacy protections for minors.

On November 6, 2025, Connecticut Attorney General William Tong, along with California Attorney General Rob Bonta and New York Attorney General Letitia James, announced a significant settlement stemming from the enforcement of Connecticut’s Student Data Privacy Law.

On December 1, 2025, the UK Information Commissioner’s Office announced a new initiative to scrutinize privacy protections in mobile games frequently played by children in the UK.

Nishith Desai Associates reports that on November 13, 2025, India’s Ministry of Electronics and Information Technology enacted India’s Digital Personal Data Protection Rules, 2025, which operationalize India’s Digital Personal Data Protection Act, 2023.

On November 21, 2025, California Attorney General Rob Bonta announced a $1.4 million settlement with Jam City, a mobile gaming app company, for violations of the California Consumer Privacy Act’s opt-out of sale/sharing requirements.

California recently enacted California Assembly Bill 656, which requires social media platforms to make it easier and more straightforward for users to delete their social media accounts and personal information.

On November 20, 2025, the U.S. Securities and Exchange Commission issued a brief announcement that it filed a joint stipulation with defendants SolarWinds Corporation and its Chief Information Security Officer to dismiss, with prejudice, the SEC’s ongoing civil enforcement action against them.

On November 17, 2025, the Federal Trade Commission announced that Commissioner Melissa Holyoak has resigned her post, bringing the total number of vacant commissioner seats to three.