On January 1, 2026, the California Privacy Protection Agency’s (“CalPrivacy”) cybersecurity audit regulations (the “Regulations”) took effect after several years of rulemaking and public comment. As previewed in the Data Protection Report, certain businesses subject to the California Consumer
Partial compliance is noncompliance: Lessons from California’s $2.75 million settlement with Disney
On February 11, 2026, California Attorney General Rob Bonta announced a $2.75 million settlement with The Walt Disney Company (“Disney”), the largest civil penalty to date under the California Consumer Privacy Act as amended by the California Privacy Rights Act
The DOJ’s civil cyber-fraud initiative lives on: Insights from cybersecurity enforcement through the False Claims Act
The False Claims Act (“FCA”), the U.S. federal government’s principal civil anti-fraud statute, imposes liability on entities that knowingly submit, or cause the submission of, false or misleading claims for payment to the United States. The FCA has long served