Apr. 2, 2025

California’s Delete Act Enforcement Sweep Takeaways

Since the California Privacy Protection Agency (CPPA) announced an enforcement sweep in October 2024, it has settled a handful of actions with data brokers for violating the Delete Act. The cases have focused on data brokers’ failures to register with the state and pay the required annual fee. This article, with input from Ben Isaacson, a principal at In‑House Privacy, Inc., and Julie Rubash, GC and CPO at Sourcepoint, assesses commonalities in the CPPA’s Delete Act settlements, identifies takeaways for data brokers, and offers advice on preparing to comply with Data Broker Requests and Opt-Out Platform (DROP) requirements. See “Deciphering the New CPPA Proposed Regulations for Data Brokers” (Dec. 11, 2024).

Statistics on Privacy Staffing, Budgets and Compliance Culture

Demand for technical privacy roles is more likely to increase over the next year compared to legal and compliance roles, according to ISACA’s State of Privacy 2025 report (Report). In late 2024, ISACA, a professional organization focused on digital fields such as privacy and information security, took the pulse of more than 1,600 privacy professionals from around the globe, asking their perspectives on privacy staffing practices and concerns, budgets, commitment and culture, incidents and privacy by design. Notably, organizations continue to report inadequate budgets, understaffing and challenges filling privacy positions – especially technical roles. This article synthesizes those and other findings from the Report. See “Website Privacy Compliance Statistics and Practical Takeaways” (Jan. 8, 2025).

2025 LRN Effectiveness Survey Finds Lags in Third-Party Diligence

Corporate compliance teams must navigate internal and external challenges on a daily basis, such as perception gaps between different levels of seniority and third-party risk. Many companies’ compliance programs are failing to keep up with third-party and supply chain risks and the related regulatory requirements, according to the 2025 Ethics & Compliance Program Effectiveness Report – Caught in the Middle, published by LRN. LRN chief advisory officer Ty Francis spoke to the Cybersecurity Law Report about the latest publication. This article distills insights from the Report along with his comments. See “Survey Finds Increased Value in Having a Culture of Compliance” (Feb. 26, 2025).

Former FBI Counsel Joins McCarter & English

Erin Prest, former FBI Privacy & Civil Liberties Officer and Deputy GC, has joined McCarter & English’s cybersecurity team as a partner in the firm’s Washington, D.C., office. For insights from McCarter, see “Understanding and Implementing DoD’s Cybersecurity Requirements” (Aug. 17, 2022).

Quarles Welcomes Tech and Data Privacy Partner

Quarles & Brady has announced that Hannah Ji‑Otto, who advises clients on data privacy, cybersecurity and AI governance issues, has joined the firm’s St. Louis office as a partner in the intellectual property practice group. She joins from Baker Donelson. For insights from Quarles & Brady, see “How to Comply With Key CCPA Notice and Consumer Request Requirements” (Jun. 24, 2020).