Perkins on Privacy
Privacy and Security related image, digital thumbprint

Perkins on Privacy

Perkins on Privacy keeps you informed about the latest developments in privacy and data security law. Our insights are provided by Perkins Coie's Privacy & Security practice, recognized by Chambers as a leading firm in the field. 
Person on moving sidewalk
August 11, 2025 Regulatory Enforcement CCPA State Privacy Laws

CPPA Approves Cybersecurity, Automated Decisionmaking, and Risk Assessment Regulations

After years of drafting, discussions, and debates, the California Privacy Protection Agency (CPPA) Board reached a significant milestone in its efforts to bring to fruition regulations that have been in discussion by the CPPA Board for several years. 

 View blog post
Virtual Landscape
July 30, 2025 Regulatory Enforcement CCPA State Privacy Laws

Coast to Coast: Privacy Enforcement Heats Up with Healthline and TicketNetwork Settlements

As the 2025 summer heat continues and as state privacy laws continue to mature, enforcement actions are beginning to shape the compliance landscape for businesses nationwide—from the coast of California to the shores of Connecticut. 

 View blog post
World Cybersecurity
May 12, 2025 Regulatory Enforcement CCPA State Privacy Laws

Buckle Up! CPPA Is Driving Privacy Regulation and Enforcement Forward

 After a relatively slow start to 2025, the California Privacy Protection Agency (CPPA) is firing on all cylinders now. View blog post
Government
April 11, 2025 Privacy Compliance State Privacy Laws CCPA Artificial Intelligence

CPPA Signals Significant Revisions Ahead

Going into the Friday, April 4, 2025, meeting, the CPPA seemed poised to move forward far-reaching privacy regulations on RAs, cybersecurity audits, and ADMT.

 View blog post
Data
March 25, 2025 Regulatory Enforcement CCPA State Privacy Laws Privacy Compliance

California Privacy in 2025: Key Changes Affecting Data Brokers

As we close out the first quarter of 2025, one thing is unmistakable: California’s regulatory efforts continue to center on data brokers. 

 View blog post
Cellphone Privacy Security
December 13, 2024 Privacy Law Recap Data Security CCPA

Privacy Law Recap 2024: Data Security

Continued cyberthreats drove expanded data security and breach notification requirements in 2024. Although sectors deemed high-risk saw significant activity, we also saw proposed regulations that stand to have a significant impact on a wide swath of private companies in the year to come.

This Update outlines highlights of data security law in 2024.

 View blog post
World Cybersecurity
November 26, 2024 CCPA Privacy Compliance State Privacy Laws Artificial Intelligence Data Security

Fasten Your Seatbelts: CPPA Proposes Rules on Automated Decision-Making and Cybersecurity Audits and Finalizes Data Broker Regulations

After much anticipation, on November 8, the California Privacy Protection Agency (CPPA) Board voted to advance proposed regulations for insurance, cybersecurity audits, risk assessments, and automated decision-making technology (ADMT) to formal rulemaking. 

 View blog post
bell on front desk at hotel
November 7, 2024 Regulatory Enforcement Data Security Data Breach and Incident Response Federal Trade Commission

FTC and State Coalition Settle Data Breach Cases with Marriott

 In 2018, Marriott announced a data breach affecting its Starwood reservation system, thought at the time to have affected up to 500 million people worldwide. These settlements arise from that incident, as well as two smaller incidents that also affected Starwood and Marriott. The FTC alleges these incidents exposed payment card information, unencrypted passport numbers, and loyalty account information, along with other information like names, dates of birth, and contact information. View blog post
AI finger touch screen
September 30, 2024 Data Breach and Incident Response Data Security

2024 Breach Notification Law Update: Unique New State Obligations and Widespread New Federal Obligations

 Amid intense focus on AI and a flurry of consumer privacy law updates, legislative activity has continued to change data breach notification requirements in a variety of ways. Similar to 2023, a handful of changes to generally applicable state breach notification statutes were accompanied by steady sectoral activity at the state level and significant updates at the federal level, including new obligations from both the Federal Trade Commission (FTC) and the U.S. Securities and Exchange Commission (SEC). View blog post
Cellphone Privacy Security
September 25, 2024 Data Security

Cybersecurity for Lawyers: The NIST Cybersecurity Framework as a Tool and Reference

 In this post in our series on basic cybersecurity concepts for lawyers, we delve into the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0. View blog post
Computer server room
August 30, 2024 Data Security

Cybersecurity for Lawyers: Open-Source Software Supply Chain Attacks

In this post in our series on basic cybersecurity concepts for lawyers, we address open-source software (OSS) supply chain risk. 

 View blog post
Happy family together at home.
August 14, 2024 Data Security Regulatory Enforcement Children’s Privacy Federal Trade Commission

FTC Order Bans Anonymous Messaging App from Serving Minors

 The Federal Trade Commission (FTC) and the Los Angeles County District Attorney announced a complaint and proposed stipulated order concerning the “NGL: ask me anything” anonymous messaging app. View blog post
Conference group
July 25, 2024 CCPA Regulatory Enforcement Artificial Intelligence

CPPA Regulatory Delays and Enforcement Updates: Takeaways from July Board Meeting

 On July 16, the California Privacy Protection Agency (CPPA) held a public meeting of its Board (the Board). View blog post
Computer Lock Security
May 22, 2024 Data Security

Clarifying Guidance on Abundance-of-Caution Disclosures under SEC Cybersecurity Rule

 The Director of the U.S. Securities and Exchange Commission (SEC) Division of Corporation Finance issued a statement clarifying public companies' obligations to disclose cybersecurity incidents under Item 1.05 of Form 8-K. View blog post
© 2026 Perkins Coie LLP