As the Trump Administration attempts to drastically cut CFPB funding and staffing, New York regulators and legislators are attempting to fill what could be a void in consumer protection efforts.
With eight states rolling out new privacy laws in 2025 and many more already on the books, businesses have never faced a more fragmented regulatory landscape. These laws will expand consumer rights, impose stricter data governance obligations, and create a complex compliance environment for businesses operating across state lines. While these laws share common frameworks, key differences – particularly Maryland’s stringent requirements – will require you to take a strategic approach. Below, we break down each law’s unique requirements and provide practical guidance you can put into place right away.
The California Privacy Protection Agency (CPPA) has issued its first Order of Decision to American Honda Motor Co. in an enforcement action under the California Consumer Privacy Act (CPPA). Although the investigation arose from the CPPA’s ongoing review of data privacy practices by connected car manufacturers and other related technologies, there are some important takeaways for every business covered by the CCPA.
The volume of data breaches grew 6% year-on-year (YoY) in 2024, fueled by double-digit increases in ransomware, compromised credentials and vulnerability exploits, according to Flashpoint.
The California Department of Financial Protection and Innovation (DFPI) has finalized the text of regulations for the Debt Collection Licensing Act (DCLA). The DCLA requires licensees to file an annual report with the commissioner, which must include certain information. The final rules outline the annual report requirements and provide definitions for calculating licensees’ annual pro-rata assessments. These regulations take effect July 1, 2025.