California State Assembly member, Josh Lowenthal, introduced Assembly Bill (AB) 566 on February 12, 2025, backed by the California Privacy Protection Agency (CPPA). The bill aims to empower Californians with a simple, one-step tool to manage their digital privacy—requiring web browsers and mobile operating systems to provide users with an easy opt-out option for sharing their personal data.
As the global risk landscape continues to shift, businesses must face the reality of whether the traditional approaches to supply chain risk is no longer enough. In its 2025 Supply Chain ESG Risk Outlook, LRQA doesn’t just confirm what we already know about risks—it reveals deeper, sometimes uncomfortable truths that businesses can no longer afford to ignore. This isn’t just another report filled with jargon, it’s a wake-up call that calls for reflection, action, and a recalibration of how we view supply chain resilience in a rapidly changing world.
A data breach is never just a technical mishap, it’s a disruption that threatens both trust and personal rights. For those tasked with managing personal data, the Federal Data Protection Act (FADP) lays out clear—but complex—guidelines on how to handle such breaches. Article 24 of the FADP is especially crucial, detailing the responsibilities of data controllers when security incidents occur. Here’s a rundown of how data controllers can navigate these waters, ensuring they’re both compliant and proactive.
The National Treasury Employees Union (NTEU) has filed two lawsuits in response to recent executive actions that it argues threaten both the continued operation of the Consumer Financial Protection Bureau (CFPB) and the privacy of its employees. The lawsuits, filed on February 10, 2025, highlight concerns over the impact of these measures on both the agency's mission and the personal security of its workforce.
The battle over the SEC’s climate disclosure rule has entered a new phase, and the winds are shifting—this time, away from the aggressive push for federal mandates. On February 11, Acting SEC Chair Mark Uyeda signaled a significant change by requesting that a federal appeals court delay oral arguments in the ongoing lawsuit against the rule. This request is just the latest in a series of developments that point to a deepening uncertainty about the future of the rule, which mandates that companies disclose climate-related risks to investors.
In a world where AI promises seem to be becoming as frequent as pop-up ads, the FTC’s decision to take on DoNotPay is a notable one. The company, which once boasted about offering “the world’s first robot lawyer,” has now been forced to face the music for its misleading marketing. The Federal Trade Commission has finalized an order against DoNotPay, following an investigation that questioned the legitimacy of their AI-powered legal services.
The Personal Information Protection Commission (PIPC) is gearing up for a busy 2025. At its second plenary meeting, the Commission outlined its investigative goals for the year, emphasizing both strict oversight of privacy practices and a more supportive, growth-friendly environment for businesses. Whether it’s diving deep into sectors closely tied to people's daily lives or making sure that emerging technologies like AI don’t compromise personal privacy, the PIPC is taking a multifaceted approach to privacy protection this year.