Photo of Andrew Serwin

Andrew Serwin

Subscribe to Andrew Serwin's Posts
Contact:Read more about Andrew Serwin

On February 20, 2026, Texas Attorney General Ken Paxton filed suit against Shein US Services, LLC, alleging false, deceptive, and misleading practices in violation of the Texas Deceptive Trade Practices Act. The complaint targets both product safety concerns and alleged misrepresentations regarding consumer data practices.

Shein, founded in China in 2008, is a global fast‑fashion

Continue Reading U.S.: Texas AG Sues Shein Over Alleged Deceptive Practices and Data Privacy Risks

By: Andrew Serwin, Isabelle Ord, Jeffrey DeGroot, Hayley Curry, and Matt Danaher

On January 26, 2026, the U.S. Supreme Court granted certiorari in Salazar v. Paramount Global to clarify the scope of the Video Privacy Protection Act (“VPPA”) and resolve a circuit split on the issue. See Salazar v. Paramount Global, No. 25-459 (S. Ct.).

Continue Reading Supreme Court to Clarify Meaning of “Consumer” Under VPPA

Overview

On February 21, 2024, the California Attorney General (CA AG) announced that it had reached a settlement with DoorDash over allegations that the company failed to comply with “sale” requirements under the California Consumer Privacy Act (CCPA) and disclosure requirements under the California Online Privacy Protection Act (CalOPPA). The settlement requires DoorDash to pay

Continue Reading California Attorney General Settles with DoorDash over Alleged Sale of Personal Information

Sweeping Amendments to NYDFS Cybersecurity Regulation

On November 1, 2023, the New York Department of Financial Services (NYDFS) announced extensive amendments to its cybersecurity requirements for financial institutions issued under 23 NYCRR Part 500.  The amendments are intended to address the evolution in the cybersecurity landscape since the regulation was first enacted in 2017, including

Continue Reading US: Regulators Enhance Information Security Requirements for Financial Services Companies

Implicit within Delaware law, and now explicit in the SEC Cyber Rules, is the concept of adequate governance. It is not what the FTC just said on a particular topic, the latest guidance from a Data Protection Authority, what the NIST framework provides, or a set of controls in any particular subject area regarding privacy

Continue Reading US: Understanding Governance–A Path for Privacy and Security Governance