Articles Posted in Data Security

Posted May 27, 2026

California AG Announces Largest CCPA Penalty to Date in First Data Minimization Case

by Shruti Bhutani Arora, Christine Mastromonaco and Nathan D. Banks

Shruti Bhutani Arora

Christine Mastromonaco

Nathan D. Banks

On May 8, 2026, California Attorney General Rob Bonta, joined by district attorneys from San Francisco, Los Angeles, Napa and Sonoma counties, announced a proposed $12.75 million settlement with a connected vehicle services provider over alleged CCPA violations involving the collection, retention, use and disclosure of vehicle data. The California Privacy Protection Agency’s Enforcement Division assisted in the investigation, which followed a broader CPPA sweep of connected vehicle privacy practices.

Posted April 24, 2025

The Data Security Program Compliance Guide Is Released by the DOJ

by Consumer Protection Team

Consumer Protection Team

On January 8, 2025, the U.S. Department of Justice (DOJ) issued its final rule (28 C.F.R. Part 202) implementing former President Biden’s Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” The guide outlines the requirements of a newly implemented Data Security Program (DSP) designed to prevent China, Russia and other foreign adversaries designated by the DOJ from accessing American’s sensitive personal data and U.S. government-related data.

In “DOJ Releases Its Data Security Program Compliance Guide,” colleagues Tony Phillips, Shruti Bhutani Arora, Sahar J. Hafeez, Christine Mastromonaco, Leighton Watson and Sheetal Misra discuss the key components of the DSP and offer thoughts about compliance.