After attempting to amend its first-in-the-nation AI law for two years and three legislative sessions, on May 9, 2026, the Colorado legislature passed SB 26-189. It now awaits the governor’s signature and is expected to be signed into law, which will go into effect January 1, 2027.
A recent decision from the Northern District of California reminds corporate defendants in Internet tracking cases that strategies to defeat class certification based on individualized issues can be just as critical as merit-based defenses.
In In re Meta Pixel Tax Filing Cases, No. 22-cv-07557-PCP (N.D. Cal. Mar. 30, 2026), a group of plaintiffs sought
Following the release of the Trump Administration’s new National Cyber Strategy, National Cyber Director Sean Cairncross noted in a virtual interview that the administration is considering changes to the existing cyber incident reporting rules previously promulgated by the Cybersecurity and Infrastructure Security Agency (CISA). According to Cairncross, the administration wants to ensure the rules
Over the last few years, businesses, nonprofits, and other website operators have seen thousands of lawsuits and arbitrations filed under the California Invasion of Privacy Act (CIPA) alleging that the use of ubiquitous cookies and pixels on websites violates CIPA’s wiretap and pen register provisions. The California legislature considered curbing that explosion of litigation with
On January 6, 2025, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) published a Notice of Proposed Rulemaking (“NPRM”) to amend the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule. The proposed changes, if enacted, would represent the first update
On November 21, the Federal Trade Commission (“FTC”) approved in a 3-0 vote a resolution authorizing the use of compulsory process in nonpublic investigations involving products and services that involve or claim to involve Artificial Intelligence (AI).
Compulsory process is akin to a subpoena, and it allows the FTC to request the production of information
On October 27, the Federal Trade Commission (“FTC”) unanimously voted to amend the Safeguards Rule to require non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to report data breaches and security events to the Agency. This amendment will become effective 180 days after its publication in the Federal Register.
Under
On May 28, Texas became the sixth state this year to pass a comprehensive data protection law. Although the Texas Data Privacy and Security Act (“TDPSA”) is largely in line with the Virginia Consumer Data Protection Act and other recently passed state privacy laws, it has a few key distinctions that may cause