Washington’s CEMA mini-TCPA has been drawing a lot of attention lately–especially as Courts around the country struggle with whether the TCPA’s DNC provisions apply to SMS messages.
On November 13, the California Privacy Protection Agency (CPPA) announced that the Office of Administrative Law approved final regulations implementing the Delete Act, establishing a new statewide data deletion mechanism. As previously covered by InfoBytes, the regulations create the “Delete Request and Opt-out Platform” (DROP), a state-hosted website allowing California consumers to request deletion of their personal information from multiple data brokers with a single action.
As previously reported, the CFPB is proposing major changes to its 2023 final rule that would require financial institutions to report information contained in loan applications submitted by small businesses, including women-owned and minority-owned small businesses. The rule is better known as the “Section 1071 rule” after the section of the Dodd-Frank Act that required the CFPB to adopt it. Comments must be received by December 15, 2025.
On November 10, 2025, the U.S. Court of Appeals for the Tenth Circuit, in a 2–1 decision, issued its opinion in National Association of Industrial Bankers et al. v. Weiser.
In this episode of "Clearly Conspicuous," consumer protection attorney Anthony DiResta examines why board governance is under the FTC’s microscope and what directors must do to meet rising expectations. He categorizes the main themes of regulatory focus being data security, antitrust and board composition, compliance and risk governance and the overall emergance of AI and algorithmic accountability. He then offers practical steps such as building regulatory literacy, demand measurable risk reporting, structure effective committees, resource and test programs, document oversight in minutes and embed ethics into culture—along with a checklist of specific governance risks to monitor.
.jpg)
.jpg)