In the span of just a couple days, the California Privacy Protection Agency (CalPrivacy) announced two significant privacy enforcement actions, highlighting the increasing scrutiny on companies’ handling of personal data. These actions underscore the agency’s commitment to ensuring that businesses comply with privacy laws designed to protect individuals’ rights, particularly focusing on transparency and ease
A new bill introduced in Connecticut—Connecticut Senate Bill 117, An Act Concerning Breaches of Security Involving Electronic Personal Information—would create mandatory forensic examination requirements for entities that experience a “massive breach of security,” defined as a data breach affecting at least 100,000 Connecticut residents, and imposes substantial penalties for noncompliance.
SB 117 would require entities
On February 5, 2026, Governor Henry McMaster signed into law South Carolina’s Age-Appropriate Code Design Act. South Carolina joins California, Maryland and Vermont in enacting an Age Appropriate Code Design Act that seeks to regulate website design and advertising that appeals specifically to Minors.
The statute applies to online services that conduct business in South
State privacy enforcement is entering a new phase, and Connecticut is quickly becoming a jurisdiction to watch. In its third annual Connecticut Data Privacy Act (CTDPA) enforcement report, the Office of Attorney General William Tong disclosed for the first time that it has opened multiple active investigations into how messaging platforms, gaming services, and AI
Two customers shopping for the same product on the same website at the same time may see two different prices. This scenario is a growing reality in today’s data-driven marketplace, and California regulators are paying attention. On Data Privacy Day 2026, California Attorney General Rob Bonta announced a new investigative sweep targeting “surveillance pricing”—a practice
On February 5, 2026, Florida Attorney General James Uthmeier announced the creation of a first-of-its-kind specialized civil and criminal unit, named Consumer Harm from International and Nefarious Actors or “CHINA” for short. The unit will be dedicated to investigating and prosecuting foreign corporations, particularly those with Chinese ownership, that collect consumer data from Florida residents.
China’s internet regulatory authority and top prosecutors have recently released a series of enforcement actions and cases, aimed at highlighting enforcement priorities in the data security realm over the last year. In 2025, enforcements under the Chinese Cybersecurity Law, the Data Security Law, the Personal Information Protection Law, and the Regulations on the Security Management
Navigating the 2026 CCPA Updates
As forecasted, effective January 1, 2026, businesses that are subject to the California Consumer Privacy Act (CCPA) must comply with newly-updated regulations. For some businesses, complying with these updates will require the implementation of or updates to policies and procedures related to, among other things, risk assessments, cybersecurity
The past year set up a clear clash between federal deregulatory efforts and state-level AI rulemaking, and 2026 is poised to be the year that conflict materializes in earnest. The Trump Administration signaled a strong preference for scaling back AI-specific rules while exploring avenues to preempt state and local measures, even as a growing number
Over the last few years, businesses, nonprofits, and other website operators have seen thousands of lawsuits and arbitrations filed under the California Invasion of Privacy Act (CIPA) alleging that the use of ubiquitous cookies and pixels on websites violates CIPA’s wiretap and pen register provisions. The California legislature considered curbing that explosion of litigation with