Earlier this month an appellate court in New Jersey issued an opinion in State v. Bryant, holding that tower dumps are Fourth Amendment searches that require particularized warrants supported by probable cause. 

On November 24, 2025, trade association NetChoice secured a win in its constitutional challenge to Maryland's Age-Appropriate Design Code Act (Kids Code or Act) when the U.S. District Court for the District of Maryland denied a motion to dismiss. 

Key Takeaways

• The SEC’s agreement with defendants to dismiss, with prejudice, its case against SolarWinds Corporation (SolarWinds) and its chief information security officer (CISO) signals a retreat from aggressive, novel enforcement theories in cybersecurity disclosure cases.
• Although technical cybersecurity violations without investor harm

On September 23, 2025, the California Privacy Protection Agency confirmed that their cyber audit regulations will at long last go into effect on January 1, 2026. 

You can be forgiven for losing track since these were first proposed in September 2023, but now is the time to start considering how they will apply to your company and budgeting for that impact. 

State Updates, Security Mandates, and the Federal Regulatory Horizon

Can buying a video game on a website using pixel technology make you a Video Privacy Protection Act (VPPA) plaintiff? 

Texas has enacted amendments to its state version of the federal Telephone Consumer Protection Act (Tex. Bus. & Comm.

With 2025 more than half over and many state legislatures adjourned for the year, we look back at significant legislative developments concerning state comprehensive consumer privacy laws. 

On June 27, 2025, the United States Supreme Court weighed in on the ongoing debate about age verification requirements for websites, holding that it is constitutional for a state to require websites that have a significant portion of adult content to implement commercial age verification systems. 

On July 1, 2025, amendments to the Colorado Privacy Act and CPA rules will take effect, significantly expanding the scope of requirements for businesses that control or process biometric identifiers and biometric data. The amendments expand the scope of the law by imposing certain requirements on employers when they collect biometric identifiers or biometric data from their employees (incl

In May 2025, Montana enacted Senate Bill 163 (SB 163), amending that state’s Genetic Information Privacy Act (MGIPA) to include protections for neurotechnology data—namely, data collected from the activity of the central or peripheral nervous system.

Can a communications provider be held liable when it reports to the National Center for Missing and Exploited Children (NCMEC) an image the provider believes to be child sexual abuse material based on signals provided by NCMEC? 

In recent months, a wave of lawsuits has swept across the nation, targeting websites for allegedly violating state wiretapping laws through their use of tracking software.