On November 21, the Consumer Financial Protection Bureau (CFPB or Bureau) notified staff that it will restart supervision and require examiners, beginning with the 2026 examination cycle, to open each review by reading to the supervised entity a Humility in Supervisions Pledge. The pledge signals a notable shift in tone and execution that is in line with the CFPB’s Memorandum on Supervision and Enforcement Priorities from April 2025.
Washington’s CEMA mini-TCPA has been drawing a lot of attention lately, especially as courts around the country struggle with whether the TCPA’s DNC provisions apply to SMS messages.
On November 13, the California Privacy Protection Agency (CPPA) announced that the Office of Administrative Law approved final regulations implementing the Delete Act, establishing a new statewide data deletion mechanism. As previously covered by InfoBytes, the regulations create the “Delete Request and Opt-out Platform” (DROP), a state-hosted website allowing California consumers to request deletion of their personal information from multiple data brokers with a single action.
As previously reported, the CFPB is proposing major changes to its 2023 final rule that would require financial institutions to report information contained in loan applications submitted by small businesses, including women-owned and minority-owned small businesses. The rule is better known as the “Section 1071 rule” after the section of the Dodd-Frank Act that required the CFPB to adopt it. Comments must be received by December 15, 2025.
On November 10, 2025, the U.S. Court of Appeals for the Tenth Circuit, in a 2–1 decision, issued its opinion in National Association of Industrial Bankers et al. v. Weiser.