Privacy & Information Security Law Blog

Last month, SEC Commissioner Hester Peirce, chair of the Crypto Task Force, laid out a broad agenda for the SEC’s approach to cryptocurrency over the next four years.

On February 21, 2025, President Trump issued a National Security Memorandum on America First Investment Policy outlining the administration’s foreign direct investment policy, including initiatives for a regulatory fast track process, additional scrutiny for Chinese investors, key changes to reviews by the Committee on Foreign Investment in the United States including CFIUS’s use of national security agreements.

On February 20, 2025, the Virginia legislature passed the High-Risk Artificial Intelligence Developer and Deployer Act.

On February 20, 2025, the UK Information Commissioner’s Office published its annual Tech Horizons Report, which explores four key technologies expected to play a significant role in society in upcoming years.

The California Privacy Protection Agency Board will hold Board meetings on March 6 at 2 PM PT and March 7 at 9 AM PT addressing the creation of a data broker deletion request mechanism, pursuant to the CA Delete Act.

The Cyberspace Administration of China recently released requirements regarding data protection compliance audits, which will go into effect on May 1, 2025.

The People’s Bank of China recently released the Draft Administrative Measures for Reporting of Cybersecurity Incidents in the Operational Areas of PBOC for public comment.

NetChoice has filed a lawsuit challenging Maryland’s Age-Appropriate Design Code Act on constitutional grounds, arguing that the law’s requirements, including requirements to perform data protection impact assessments, inhibit free speech.

As part of the California Privacy Protection Agency’s investigative sweep of data broker registration compliance under California’s Delete Act, the CPPA recently announced an enforcement action against a Florida-based data broker and a settlement with a California-based data broker for failure to register as a data broker on the California Data Broker Registry, as required under the Delete Act.

On February 20, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a $1.5 million fine against Warby Parker for alleged violations of the HIPAA Security Rule.