Aug. 6, 2025

Healthline’s Record-Setting CCPA Settlement Offers Lessons on Transparency and Opt-Outs

In the largest financial CCPA settlement to date, Healthline Media agreed last month to pay $1.55 million in civil penalties and to adhere to injunctive terms. The California AG’s action against the website publisher included claims that the company’s health information website, Healthline.com, violated the CCPA and the state’s Unfair Competition Law by not allowing consumers to opt out of targeted advertising and by sharing data with third parties – including information about consumers’ potential health issues. This article, with insights from practitioners at Davis Wright Tremaine, Kelley Drye & Warren, and Sheppard Mullin, assesses the practical implications of the enforcement action and offers compliance takeaways. See “Why Companies Unintentionally Fail to Honor Opt-Outs” (Aug. 16, 2023).

Cyber Information Sharing Leader Discusses Frenemies, AI and Key Law Soon to Expire

Cybersecurity companies compete, but also give each other a helping hand by sharing threat information under the auspices of the non-profit Cyber Threat Alliance (CTA). Jason Cooper, CTA’s data sharing officer, helps coordinate the confidential exchange of attack details between the core cybersecurity defense players. With his front row seat, he hears their concern that protections for information sharing will be wiped out if the U.S. Congress does not reauthorize the Cybersecurity Information Sharing Act (CISA Law) by September 30, 2025. Cooper discussed with the Cybersecurity Law Report how cybersecurity companies need each other, the behind-the-scenes successes of threat information sharing, CTA’s new policy on members discussing vulnerabilities in other members’ cyber tools, the looming expiration of the CISA Law and AI’s impact on threat sharing. See “Can the Cybersecurity Industry Improve Cooperation to Beat Threats?” (Jan. 13, 2021).

CFTC Commissioner Johnson Addresses Regulatory Approaches to AI

AI is rapidly transforming many aspects of the economy, and financial services is no exception. Firms and regulators alike are turning to AI for a variety of reasons, including to improve efficiency, reduce costs, enhance accuracy and detect misconduct. In recent remarks delivered at George Washington University, Commodity Futures Trading Commission Commissioner Kristin N. Johnson discussed the core benefits and risks associated with use of AI in financial services, as well as the May 2025 report to Congress (GAO Report) by the U.S. Government Accountability Office on the use and oversight of AI in financial services. This article discusses the key takeaways from Johnson’s speech and the GAO Report. See “CFTC’s Report Calls for Engagement and Development of AI Risk Management Frameworks” (Nov. 20, 2024).

Troutman Pepper Locke Adds Privacy and Cybersecurity Leader As Partner

Troutman Pepper Locke has welcomed David Stauss as a partner in its privacy and cyber practice group. The prominent U.S. state privacy law authority joins the Philadelphia office virtually and will be based in Denver. He arrives from Husch Blackwell, where he co-led the privacy and cybersecurity practice. For commentary from Stauss, see “Navigating Ever-Increasing State AI Laws and Regulations” (Jan. 15, 2025). For insights from Troutman Pepper Locke, see “What Companies Can Learn From Blackbaud’s Ransomware Experience: Lessons From the GC” (Jul. 23, 2025).