Posts from May 2025.
Time 2 Minute Read

On May 21, 2025, the European Commission published a proposal for a new regulation simplifying certain regulatory requirements for small mid-caps, which will be companies with fewer than 750 employees and either up to €150 million in turnover or up to €129 million in balance sheet.

Time 2 Minute Read

On May 15, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a settlement with Vision Upright MRI, a small California-based radiology provider, over alleged violations of the HIPAA Security and Breach Notification Rules.

Time 2 Minute Read

On May 8, 2025, the European Data Protection Board and the European Data Protection Supervisor adopted a joint letter addressed to the European Commission regarding the upcoming proposal to simplify record-keeping obligations under the EU General Data Protection Regulation.

Time 2 Minute Read

As the UK Data (Use and Access) Bill reaches its final stages, the House of Commons and the House of Lords are still debating several key issues. This blog provides a summary of the outstanding issues.

Time 1 Minute Read

On May 9, 2025, the California Privacy Protection Agency opened a formal public comment period for modifications to the text of proposed California Consumer Privacy Act regulations addressing cybersecurity audits, risk assessments, automated decisionmaking technology, insurance companies, and updates to existing CCPA regulations. The comment period will remain open until June 2, 2025.

Time 2 Minute Read

On May 7, 2025, the Colorado legislature passed a bill that would amend the Colorado Privacy Act’s provisions regarding the processing of precise geolocation data if signed into law by Colorado Governor Jared Polis.

Time 2 Minute Read

On April 29, 2025, the Michigan Attorney General filed a lawsuit against Roku alleging violations of the Children’s Online Privacy Protection Act.

Time 1 Minute Read

The Centre for Information Policy Leadership at Hunton is pleased to launch “CIPL In Focus”—a knowledge-sharing roundtable for in-depth discussions with senior-level professionals.

Time 2 Minute Read

On March 5, 2025, the European Data Protection Board published Opinion 06/2025 on the extension of the European Commission Implementing Decisions under the GDPR and the Law Enforcement Directive on the adequate protection of personal data in the United Kingdom.

Time 1 Minute Read

Since the beginning of 2025, the Cyberspace Administration Authority has continued to strengthen the protection of minors on the Internet.

Time 3 Minute Read

On May 6, 2025, the California Privacy Protection Agency announced that it had issued an order requiring clothing retailer Todd Snyder, Inc. to change its business practices and pay a $345,178 fine to resolve alleged violations of the California Consumer Privacy Act.

Time 2 Minute Read

In April 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a HIPAA enforcement settlement with Comprehensive Neurology, PC, a New York-based neurology practice, in connection with a ransomware incident that compromised the electronic protected health information of approximately 6,800 individuals.

Time 3 Minute Read

On May 2, 2025, Virginia Governor Glenn Youngkin signed into law a bill that amends the Virginia Consumer Data Protection Act to impose significant restrictions on minors’ use of social media.

Time 1 Minute Read

The National Computer Virus Emergency Response Center of China recently discovered 13 mobile apps in breach of cross-border transfer requirements.

Time 2 Minute Read

On April 23, 2025, the Department of Health and Human Services’ Office for Civil Rights announced a HIPAA enforcement action against a health care network following a phishing attack that exposed patients’ electronic protected health information, which resulted in a $600,000 monetary settlement and two-year corrective action plan.

Time 2 Minute Read

The California Privacy Protection Agency and California Attorney General recently announced the formation of a new coalition of state regulators called the Consortium of Privacy Regulators, which includes regulators from California, Colorado, Connecticut, Delaware, Indiana, New Jersey and Oregon.

Time 2 Minute Read

On April 29, 2025, the UK Information Commissioner’s Office and the California Privacy Protection Agency signed a declaration of cooperation regarding international privacy and data protection coordination, formalizing their existing collaboration.

Time 3 Minute Read

In April 2025, the Montana legislature passed a bill amending the Montana Consumer Data Privacy Act, to enhance protections for minors, add transparency requirements, clarify individual rights provisions, expand the law’s applicability, revise the law’s exemptions, and remove the law’s guaranteed right to cure alleged violations.

Time 2 Minute Read

FTC Commissioners recently indicated their enforcement priorities under the Trump Administration, including enforcement of existing federal privacy laws and fostering AI innovation.

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page