Regulatory enforcement actions, court decisions, and compliance developments that matter most across FCRA, FDCPA, HIPAA, TCPA, FINRA, FMCSA, and federal and state law.
A Maryland dental software company agreed to a HIPAA settlement after a 2020 breach exposed the records of 15 million individuals. The case illustrates OCR's ongoing focus on business associates and their obligations under the Security Rule.
FinCEN, FINRA, and the SEC coordinated an $80 million enforcement action against Canaccord Genuity for Bank Secrecy Act violations spanning six years. It is the largest BSA penalty ever imposed against a broker-dealer and a wake-up call for the entire industry on AML program adequacy.
Kaiser Permanente agreed to a $10.5 million TCPA class action settlement for sending marketing texts to consumers who had already replied STOP. The case is a clean illustration of why opt-out processing infrastructure is not optional for any organization running text marketing campaigns.
A Texas federal court vacated the CFPB's rule that would have prohibited furnishing and consideration of medical debt information on credit reports, agreeing with the bureau and industry plaintiffs that the rule exceeded statutory authority under the FCRA.
HHS OCR announced four enforcement actions totaling more than $1.1 million against healthcare organizations that experienced ransomware attacks. In each case, OCR found HIPAA Security Rule violations — particularly inadequate risk analysis — that predated and contributed to the attacks.
A California federal court class action accuses Ruggable of sending marketing text messages at 6 a.m. — before the TCPA's 8 a.m. permissible contact window. The case highlights a TCPA quiet hours obligation that many marketing teams fail to account for in their automated messaging systems.
FINRA suspended chief compliance officers in two recent enforcement actions — one for Regulation Best Interest failures, one for recordkeeping violations. The cases signal that FINRA remains prepared to hold individual CCOs accountable, not just the firms they work for.
FMCSA enforcement data from 2025 showed more than 7,000 Drug and Alcohol Clearinghouse violations — the overwhelming majority involving missed pre-employment or annual queries. The data reveals an ongoing pattern of Clearinghouse compliance failures five years into the mandate.
H.R. 8267, introduced April 20, would give FMCSA criminal enforcement authority over freight fraud and establish new coordination mechanisms between DOT, DOJ, and Customs and Border Protection. The bill has bipartisan support and backing from the American Trucking Associations.
FMCSA removed 14 electronic logging devices from its registered list after the manufacturers failed to meet minimum technical requirements. Carriers using the revoked devices had until February 7, 2026 to replace them or face hours-of-service violations at roadside inspections.