Companies of all types are deploying chatbots using generative artificial intelligence (GenAI). While these tools offer significant potential benefits, they also present legal and regulatory risks that must be managed. GenAI...more
11/25/2025
/ Artificial Intelligence ,
Bots ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
COPPA ,
Data Privacy ,
Disclosure Requirements ,
Enforcement Actions ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws ,
Wiretap Act ,
Wiretapping
Cybersecurity risks are evolving, in part because bad actors – including scammers and fraudsters – are leveraging widely available artificial intelligence (AI) tools for nefarious purposes. In the escalating fraud landscape,...more
11/13/2025
/ Artificial Intelligence ,
Best Practices ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Data Security ,
Financial Crimes ,
FinCEN ,
Fraud ,
Identity Theft ,
Information Sharing ,
Know Your Customers ,
Phishing Scams ,
Ransomware ,
Risk Management ,
Risk Mitigation
Following several years of intensive rulemaking, the California Privacy Protection Agency (CPPA) has finalized new regulations under the California Consumer Privacy Act (CCPA) that govern three critical areas: (1) mandatory...more
10/9/2025
/ Artificial Intelligence ,
Audits ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
New Regulations ,
Regulatory Requirements ,
Risk Assessment ,
Risk Management
On September 24, 2025, the White House Office of Science and Technology Policy (OSTP) issued a Request for Information (RFI), Regulatory Reform on Artificial Intelligence, seeking comment on federal statutes and regulations...more
9/30/2025
/ Artificial Intelligence ,
Comment Period ,
Emerging Technologies ,
Government Agencies ,
Innovation ,
Innovative Technology ,
OSTP ,
Public Comment ,
Regulatory Agencies ,
Regulatory Reform ,
Regulatory Requirements ,
Request For Information ,
Trump Administration
WHAT: The Director of National Intelligence (DNI), as recommended by the Federal Acquisition Security Council (FASC), issued the first order under the Federal Acquisition Supply Chain Security Act (FASCSA or Act). The order...more
Since returning from its August recess, Congress’ flurry of activity has included a focus on artificial intelligence (AI), among other priorities. In particular, last week saw two key developments that illustrate a desire on...more
9/16/2025
/ Artificial Intelligence ,
China ,
Congressional Committees ,
Government Agencies ,
Innovation ,
Innovative Technology ,
Machine Learning ,
National Security ,
New Legislation ,
OSTP ,
Popular ,
Regulatory Oversight ,
Regulatory Reform ,
Senate Committees ,
Technology Sector
A vital cyber defense law known as the Cybersecurity Information Sharing Act of 2015 (CISA 2015) is poised to expire at the end of the month, and leaders in the House and Senate are working to negotiate a replacement within...more
9/5/2025
/ Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Information Sharing ,
Liability ,
National Security ,
New Legislation ,
Preemption ,
Proposed Legislation ,
Regulatory Reform ,
Risk Management ,
Senate Committees ,
Threat Management ,
Wiretapping
For the latest installment of our series of practical insights on emerging Federal Trade Commission (FTC) consumer protection and data privacy priorities, we discuss coverage and requirements under the Fair Credit Reporting...more
8/21/2025
/ Class Action ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Consumer Reporting Agencies ,
Consumer Reports ,
Data Brokers ,
Data Privacy ,
Enforcement Actions ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
Regulatory Requirements
In response to 2024 legislative amendments to the Colorado Privacy Act (CPA), Colorado’s Department of Law (CO DOL) has issued a Notice of Proposed Rulemaking, proposing draft amendments to the CPA rules (Proposed Rules)...more
8/18/2025
/ Colorado ,
Comment Period ,
Consent ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Minors ,
Notice of Proposed Rulemaking (NOPR) ,
Online Safety for Children ,
Personal Data ,
Proposed Rules ,
Rulemaking Process ,
State Privacy Laws
As part of our series to provide practical insights into emerging Federal Trade Commission (FTC) priority areas for consumer protection and data privacy enforcement, we are taking a deep dive into the Protecting Americans’...more
8/13/2025
/ Compliance ,
Corporate Counsel ,
Cross-Border Transactions ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
National Security ,
New Legislation ,
Personal Data ,
Protecting Americans Data from Foreign Adversaries Act (PADFA) ,
Regulatory Requirements ,
Risk Management ,
Sensitive Personal Information
Companies in virtually every critical infrastructure sector have to navigate the maze of duplicative, inconsistent, and fragmented cybersecurity regulations imposed by federal and state governments. For example, as we have...more
8/8/2025
/ Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Government Agencies ,
Legislative Agendas ,
New Legislation ,
OMB ,
Proposed Legislation ,
Proposed Rules ,
Regulatory Reform ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
On July 23, 2025, the White House released the much anticipated AI Action Plan (Action Plan), along with three accompanying Executive Orders (EO). The Action Plan—entitled Winning the Race: America’s AI Action...more
7/25/2025
/ Artificial Intelligence ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Centers ,
Department of Homeland Security (DHS) ,
Executive Orders ,
Exports ,
Federal Trade Commission (FTC) ,
Infrastructure ,
Innovation ,
National Security ,
OSTP ,
Popular ,
Regulatory Reform ,
Trump Administration ,
U.S. Commerce Department
Recent enforcement activities in California and Connecticut highlight that states are ready and willing to actively enforce their comprehensive privacy laws. These recent actions – which continue the trend of states ramping...more
7/17/2025
/ California Consumer Privacy Act (CCPA) ,
Compliance ,
Connecticut ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Enforcement Actions ,
Opt-Outs ,
Personal Data ,
Privacy Policy ,
Sensitive Personal Information ,
State Attorneys General ,
State Privacy Laws
The U.S. Department of Justice (DOJ) is set to enforce its sweeping new rule on certain U.S. data transactions with countries of concern and covered persons as of July 9, 2025. The new rule regarding “Preventing Access to...more
7/9/2025
/ China ,
Compliance Dates ,
Corporate Counsel ,
Data Privacy ,
Data Security ,
Department of Justice (DOJ) ,
Economic Sanctions ,
Enforcement ,
Enforcement Actions ,
Export Controls ,
Governance Standards ,
International Data Transfers ,
National Security ,
New Regulations ,
Regulatory Requirements
On June 22, 2025, Texas Governor Greg Abbott signed the Texas Responsible Artificial Intelligence Governance Act (TRAIGA or the Texas AI Act) into law. The new law goes into effect January 1, 2026. The law places obligations...more
6/24/2025
/ Algorithms ,
Artificial Intelligence ,
Biometric Information ,
Corporate Counsel ,
Data Privacy ,
Enforcement ,
Enforcement Actions ,
Governance Standards ,
Government Agencies ,
Governor Abbott ,
Machine Learning ,
New Legislation ,
NIST ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Attorneys General ,
State Privacy Laws ,
Texas
On June 2, the New Jersey Division of Consumer Affairs (Division) published proposed regulations to implement the New Jersey Data Privacy Act (NJDPA). Of note, these rules were proposed months after the NJDPA went into effect...more
6/17/2025
/ Comment Period ,
Compliance ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
New Jersey ,
Notice Requirements ,
Personal Data ,
Proposed Legislation ,
Proposed Rules ,
Regulatory Requirements ,
State Privacy Laws
On May 27, 2025, the Federal Communications Commission (FCC or Commission) released a Notice of Proposed Rulemaking (Foreign Adversary NPRM or NPRM) that seeks to promote U.S. national security by providing “a new and...more
5/29/2025
/ Broadcasting ,
China ,
Comment Period ,
Cybersecurity ,
Disclosure Requirements ,
FCC ,
Foreign Adversaries ,
Foreign Ownership ,
National Security ,
NPRM ,
Proposed Rules ,
Reporting Requirements ,
Russia ,
Telecommunications ,
VoIP
State enforcement agencies are keeping the pressure on businesses, with two new enforcement actions announced this week in California and Texas. This activity signals to companies – both within and outside of the United...more
IAPP’s Global Privacy Summit in DC this week has featured panels with several state regulators charged with enforcing their state’s privacy laws, including regulators from California, Colorado, Connecticut, and Oregon. The...more
IAPP’s Global Privacy Summit kicked off on April 22 with keynote remarks from Federal Trade Commission (FTC) Commissioner Melissa Holyoak, who highlighted her top priorities for privacy enforcement and the digital economy. ...more
Virginia recently amended its Consumer Protection Act (the Act) to provide enhanced protection for reproductive and sexual health information. These protections take effect on July 1, 2025.
The amendment prohibits a...more
On April 7, 2025, the Consumer and Governmental Affairs Bureau (Bureau) of the Federal Communications Commission (FCC or Commission) issued an Order (Extension Order) granting a limited waiver of a new Telephone Consumer...more
On April 3, the Office of Management and Budget (OMB) released two much-anticipated memos that will impact the use and procurement of artificial intelligence (AI) by the federal government, signaling an appetite to move...more
On January 8, 2025, the U.S. Department of Justice (Department or DOJ) issued new rules required by then-President Biden’s February 2024 Executive Order (EO) 14117 to establish a new regulatory framework aimed at “Preventing...more
4/4/2025
/ Biometric Information ,
China ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Executive Orders ,
Final Rules ,
National Security ,
New Regulations ,
Popular ,
Reporting Requirements ,
Sensitive Personal Information
This week in our March Privacy Forecast, we discuss privacy and data security enforcement trends at the state and federal levels. Particularly as state privacy laws continue to expand and evolve, companies should understand...more