On March 21, 2025, Mexico’s Federal Law for the Protection of Personal Data Held by Private Parties (LFPDPPP) replaced the 2010 framework, bringing the country’s data protection regime in line with global standards. The reform centralizes oversight under the Secretariat of Anti-Corruption and Good Governance, expands key definitions, strengthens consent requirements, and updates privacy notice obligations. It also reinforces ARCO rights, mandates data-retention schedules, and tightens confidentiality obligations for all data handlers.
Continue readingLandmark-Privacy-Law-Enforcement-Settlement-Highlights-Costs-of-Non-Compliance
n a landmark enforcement action under the California Consumer Privacy Act (CCPA), the California Privacy Protection Agency (CPPA) fined American Honda Motor Co., Inc. $632,500 for multiple violations—despite the infractions representing a small portion of consumer interactions. The settlement underscores the CPPA’s strict stance on compliance, requiring Honda to redesign its user privacy interface, certify changes, and train staff. This case signals that CCPA enforcement is real—and costly for non-compliance.
Continue readingYou May Be a Data Broker and California Is Watching
The California Delete Act (CDA) enhances consumer privacy by imposing strict requirements on data brokers. Recent enforcement by the California Privacy Protection Agency (CPPA) emphasizes the need for compliance. Businesses should urgently determine if they must register as data brokers and implement necessary operational measures to adhere to CDA regulations.
Continue readingMaryland Online Data Privacy Act Presents New and Expanded Compliance Requirements for Businesses
Maryland Governor Wes Moore signed the Maryland Online Data Privacy Act of 2024 (MODPA), making Maryland the 18th state to enact comprehensive privacy legislation.
Continue readingBrazil Enacting New Restrictions on Cross-Border Data Transfers
On August 23rd, Brazil’s data protection authority, the Autoridade Nacional de Proteção de Dados (“ANPD”), released its long-awaited International Data Transfer Regulation.
Continue readingClient Alert – Reporting Requirements for Investment Advisers
From SEC filings to state-specific regulations, it’s crucial to know when you must register and report. This client alert breaks down the key thresholds and exemptions, offering a starting point for staying compliant.
Continue readingFTC Reaffirms Strict Standards for Data Anonymization
On July 24th, through its Office of Technology Blog, the Federal Trade Commission (FTC), reiterated its hardline stance that hashing does not meet its criteria for anonymization.
Continue readingNew York Enacts the SAFE for Kids Act
The SAFE for Kids Act imposes new responsibilities on “covered operators”, defined as parties who operate or provide an “addictive social media platform.”
Continue readingNew York Enacts the New York Child Data Protection Act (NYCDPA)
This bill is a key step in protecting minors’ data, enforcing strict restrictions and consent requirements on businesses collecting their personal information.
Continue readingNavegando el cumplimiento en EE. UU. para gestores latinos
Los gestores latinos deben entender las regulaciones de EE. UU. para atraer inversores. Los errores pueden tener graves consecuencias legales o incluso penales.
Continue reading