• |

    Nov. 12, 2025

Touring California’s New Dashboard for Permanent Erasure of Personal Information

The California Privacy Protection Agency (CPPA) has unveiled a privacy dashboard that allows consumers to request deletion of their personal information from all data brokers in one swoop. The Delete Request and Opt-Out Platform (DROP) also includes a more complicated dashboard for data brokers, which reflects the many detailed steps brokers must take to fulfill their obligations to process deletion requests every 45 days, starting in August 2026. Last week, the CPPA announced at its public board meeting that California’s administrative law office approved DROP regulations, which are now in effect. This article examines how DROP will work for both consumers and data brokers and presents hurdles that could impact functionality for each. It includes details revealed during the CPPA’s presentations and insights shared with the Cybersecurity Law Report by the Network Advertising Initiative and a privacy design expert. See “California’s Delete Act Enforcement Sweep Takeaways” (Apr. 2, 2025).

State Privacy Enforcers Reveal Strategies, Priorities and Advice on Engagement

State enforcement of U.S. consumer privacy protection laws and the collaboration between state privacy agencies are both intensifying, but some companies have been distracted by integrating AI tools and are failing to properly invest in privacy compliance. The landscape of states currently enforcing comprehensive privacy laws has expanded to 17, with three additional state laws set to take effect in 2026. This article distills commentary from regulators in California, Colorado, Delaware and Indiana, as well as a recent member of the Texas AG’s Office, delivered during IAPP’s Privacy. Security. Risk. 2025 conference, on enforcement priorities, responding to regulatory inquiries and how enforcers are coordinating. See “State AG Representatives Disclose AI Regulatory and Enforcement Outlook” (Oct. 8, 2025).

Gauging Uptake of AI in Cybersecurity

How prevalent is the use of generative AI (Gen AI) in security? What security problems has Gen AI made more manageable, if any? How are cybersecurity professionals driving AI governance? A recent AI survey report (Report) issued by the SANS Research Program of the SANS Institute answers these questions using responses from security experts. This article synthesizes key findings from the Report, including common AI use cases in security, the current state of AI governance and how AI is transforming security roles. It also offers a framework for addressing weaknesses identified in the Report. See “Assessing and Managing AI’s Transformation of Cybersecurity in 2025” (Mar. 19, 2025).

Jones Day Adds Cybersecurity, Privacy and Data Protection Partner in San Diego

Jones Day has welcomed Amanda Fitzsimmons as a partner in the firm’s cybersecurity, privacy and data protection practice in San Diego. She arrives from Salt Security, a growth-stage cybersecurity company, where she served as head of legal. For commentary from Fitzsimmons, see “FTC Settlement Spotlights Security of APIs Proliferating Across the Internet” (Mar. 5, 2025). For insights from Jones Day, see “New Duties Around Pseudonymized Data After E.U. Court Decision” (Oct. 15, 2025).

Freshfields Welcomes Global Co‑Head of AI Practice in New York

Freshfields has announced the addition of litigation partner Anna Gressel to its New York office. Gressel will serve as global co‑head of the firm’s AI practice. She arrives from Paul, Weiss. For commentary from Gressel, see “The Current State and Future of AI Regulation” (Jun. 17, 2020). For insights from Freshfields, see our two-part series on the SolarWinds Decision: “Court Narrows Case, but SEC’s Surviving Claims Alarm CISOs” (Aug. 7, 2024), and “Practical Takeaways for Cyber Communications” (Aug. 14, 2024).

Most-Read Articles

Women to Watch: Contributions, Achievements and Observations of Outstanding Female Professionals

To mark International Women’s Day, women editors and reporters at ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Law Report Group editors Jill Abitbol, Robin L. Barton and Megan Zwiebel profile notable women in data privacy, cybersecurity, private funds and anti-corruption law, including Anne-Gabrielle Haie, Jessica Lee, Micaela McMurrough, Laura Perkins, Amanda Raad, Madelyn Calabrese, Ranah Esmaili and Genna Garver. Enjoy reading their inspiring remarks here.

Celebrating Data Privacy Day 2025

Read the full brief here.

Cybersecurity Awareness Month

Read the full brief here.