On March 12, the California Privacy Protection Agency (“CPPA”) announced an enforcement action against American Honda Motor Co. (“Honda”), with a $632,500 fine for violating the California Consumer Privacy Act and its implementing regulations (“CCPA”).[1] This action, which is
Cleary Cybersecurity and Privacy Watch
Global Legal Developments related to Cybersecurity Incidents, Cyber Corporate Governance and Regulation Issues, and Privacy and Data Protection Laws
Blog Authors
Latest from Cleary Cybersecurity and Privacy Watch
Data Act FAQs – Key Takeaways for Manufacturers and Data Holders
On 3 February 2025, the European Commission (“EC”) published an updated version of its frequently asked questions (“FAQs”) on the EU Data Act.[1] The Data Act, which is intended to make data more accessible to users of IoT devices…
New York Legislature Passes Health Data Privacy Bill

Last week, the New York legislature passed the New York Health Information Privacy Act (S929) (“NYHIPA” or the “Act”)[1]. The Act, which is currently awaiting the Governor’s signature, seeks to regulate the collection, sale and processing of healthcare…
Cybersecurity Disclosure and Enforcement Developments and Predictions
The following is part of our annual publication Selected Issues for Boards of Directors in 2025. Explore all topics or download the PDF.
The SEC pursued multiple high profile enforcement actions in 2024, alongside issuing additional guidance around compliance with…
SEC Charges Four Companies Impacted by Data Breach with Misleading Cyber Disclosures
On October 22, 2024, the SEC announced settled enforcement actions charging four companies with making materially misleading disclosures regarding cybersecurity risks and intrusions. These cases mark the first to bring charges against companies who were downstream victims of the well-known…
New York Department of Financial Services Issues Guidance on Cybersecurity Risks Arising from Artificial Intelligence
Last week, the New York Department of Financial Services (“DFS”) issued guidance addressed to executives and information security personnel of entities regulated by DFS to assist them in understanding and assessing cybersecurity risks associated with the use of artificial intelligence…
DOJ Brings Lawsuit Against TikTok Over Alleged Violations of the Children’s Online Privacy Protection Act
Following on the heels of major developments coming out of the Senate last week to advance privacy protections for children online, the Department of Justice (“DOJ”) officially filed a lawsuit on Friday against TikTok, Inc., its parent company, ByteDance, and…
Cybersecurity Law Enters Into Force
On July 17, 2024, Law No. 90/2024 containing provisions for strengthening national cybersecurity and addressing cybercrime (the “Cybersecurity Law”) entered into force.…
FTC Announces Reforms to the Health Breach Notification Rule

On April 26, 2024, the Federal Trade Commission (“FTC” or the “Commission”) announced changes to the Health Breach Notification Rule (“HBNR”), which requires certain entities not covered by the Health Insurance Portability and Accountability Act (“HIPAA”) to notify consumers, the…
EHDS – The EU Parliament formally adopts the Provisional Agreement: Key Takeaways and Next Steps
In our Alert Memorandum of 19 July 2022 (available here), we outlined the European Commission’s (the “Commission”) proposal for a regulation on the “European Health Data Space” (the “Regulation” or the “EHDS”). The proposal, which was published in May…