Apr. 30, 2025

Compliance Takeaways From the CPPA’s Enforcement Action Against Honda

The California Privacy Protection Agency (CPPA) flexed its CCPA enforcement muscle last month when it entered into a stipulated settlement (Order) with American Honda Motor Co. The CPPA’s inaugural enforcement action, which required the automobile distributor to pay a $632,500 fine, signals the agency’s stance on CCPA compliance – one that balances a strict reading of the statute with, perhaps, a more practical focus on readily provable violations. This article, with insights from Kelley Drye & Warren, Manatt and ZwillGen, examines the Order and its implications, evaluates the CPPA’s enforcement approach, and offers practical compliance lessons for companies. See “Outgoing CPPA Board Member Discusses Rulemaking and Looming Privacy Issues” (Sep. 25, 2024).

NAVEX Statistics on Internal Reporting and Substantiation

Internal reporting mechanisms enable employees to bring business- and workplace-related issues to the attention of their organizations. Each year, NAVEX, a provider of risk and compliance management software, analyzes the incident reports and inquiries logged by its customers and issues a report. In its most recent Whistleblowing and Incident Management Benchmark Report, data privacy and protection was among the five most frequently reported categories of workplace conduct. This article distills key findings from the report with insights offered by Carrie Penman, chief risk and compliance officer at NAVEX; Jane Norberg, a partner at Arnold & Porter and former Chief of the SEC Office of the Whistleblower; and Anders Olson, senior manager of the NAVEX data science team. See “NAVEX Shares Benchmarking Data in 2023 State of Risk and Compliance Report” (Jul. 26, 2023).

Tech Counsel Joins Clifford Chance in New York

Clifford Chance has welcomed Michael Povman to its global tech group as counsel in New York. He is the former managing director and associate GC of the Bank of New York Mellon. For insights from Clifford Chance, see “U.K. Equifax Fine Calls for Stricter Parent-Subsidiary Data-Sharing Processes” (Oct. 15, 2023); and “Cybersecurity Compliance Lessons From NYDFS’ Carnival Action” (Aug. 3, 2022).