Privacy & Cybersecurity Law Blog

Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

Mon, 30 Mar 2026 09:00:01 -0400

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›

Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators

Fri, 27 Mar 2026 09:00:02 -0400

As reported on the Hunton Employment & Labor Perspectives blog, SB 574 is a California bill that would set specific duties for attorneys who use generative artificial intelligence and would restrict how arbitrators may use such tools in decision-making.

Continue Reading ›

UK Regulators Issue Joint Statement on Age Assurance for Online Services

Thu, 26 Mar 2026 09:00:03 -0400

On March 25, 2026, the UK Information Commissioner’s Office and the UK Office of Communications released a joint statement addressing the intersection of online safety and data protection in relation to age assurance.

Continue Reading ›

South Dakota Enacts Genetic Data Privacy Act

Thu, 26 Mar 2026 09:00:04 -0400

On March 23, 2026, South Dakota Governor Larry Rhoden signed Senate Bill 49, a new law designed to “safeguard the integrity, privacy, and security of consumer genetic data,” which takes effect on July 1, 2026.

Continue Reading ›

Oklahoma Enacts Comprehensive Consumer Privacy Law

Wed, 25 Mar 2026 09:00:05 -0400

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›

UK ICO Publishes Guidance on Recognized Legitimate Interest Basis

Wed, 25 Mar 2026 09:00:06 -0400

On March 23, 2026, the UK Information Commissioner's Office released new guidance clarifying the use of the new recognized legitimate interest lawful basis for processing personal information under UK data protection law.

Continue Reading ›

Virginia Appeals Preliminary Injunction Barring Enforcement of Age-Based Restrictions on Social Media Use

Thu, 19 Mar 2026 09:00:07 -0400

On March 3, 2026, the Virginia Attorney General appealed a federal court’s grant of a preliminary injunction barring the enforcement of a new Virginia law requiring age verification and a time limit on social media use by minors under the age of 16 pending a final determination on the merits.

Continue Reading ›

CalPrivacy Issues $1.1 Million Fine for CCPA Violations Involving Student Privacy

Wed, 11 Mar 2026 09:00:08 -0400

On March 3, 2026, the CalPrivacy announced its first enforcement action involving student privacy, requiring PlayOn Sports to pay a $1.10 million fine for alleged violations of the CCPA’s opt-out rights and requirements.

Continue Reading ›

HHS Final Rule on 42 CFR Part 2 Requires Targeted Updates to HIPAA Privacy Notices

Tue, 10 Mar 2026 09:00:09 -0400

Recent changes to 42 CFR Part 2 mean many covered entities must update their HIPAA Notices of Privacy Practices by February 16, 2026.

Continue Reading ›

Alabama Enacts App Store Accountability Act Requiring Age Verification

Mon, 09 Mar 2026 09:00:10 -0400

On February 5, 2026, Alabama Governor Kay Ivey signed Alabama House Bill 161, the App Store Accountability Act, establishing age categorization, age verification and parental consent requirements for mobile application marketplace providers operating in Alabama, effective January 2027.

Continue Reading ›