On July 24, 2025, the California Privacy Protection Agency (CPPA) approved a sweeping set of amendments to the California Consumer Privacy Act (CCPA) regulations. These updates introduce new compliance obligations for businesses around automated decision making, cybersecurity audits, risk assessments, and more.
Below, we discuss some of these new requirements.Continue Reading California Finalizes Major CCPA Amendments
On June 19, 2025, the United Kingdom Parliament enacted the Data Use and Access Act 2025 (DUAA). The DUAA amends, but does not replace, the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA) and the Privacy and Electronic Communications Regulations (PECR). While the DUAA imposes new requirements on organizations subject to UK privacy legislation, it also clarifies several provisions, making privacy compliance in the United Kingdom more manageable.
The changes under the DUAA began in June 2025 and will be phased in over the next year through June 2026.Continue Reading Are You Ready for the UK’s Data Use and Access Act 2025 (DUAA)?