In February 2026, a public-private partnership headed by the U.S. Department of the Treasury concluded an investigative process aimed at strengthening cybersecurity and risk mitigation for AI in the financial services sector.

The partnership consisted of executives from over 100 financial institutions, U.S. and international agencies, federal and state financial regulators, and other key stakeholders. One of the partnership’s key deliverables announced at the conclusion of the investigation is the Financial Services AI Risk Management Framework (Financial Services AI RMF), which adopts and expands the AI Risk Management Framework provided by the National Institute of Standards and Technology (NIST Framework) for specific application to the financial services industry.

Continue Reading Financial Services AI Risk Management Framework: Expanded Controls for the Financial Services Industry

On May 14, 2026, Colorado Governor Jared Polis signed SB 26-189, the new Colorado artificial intelligence statute which goes into effect January 1, 2027.  SB 26-189 replaces SB 24-205, the  controversial AI statute that had not yet become effective.

SB 26-189 was the result of several years of negotiations between groups seeking more regulation of AI, particularly with respect to consumer protection, and those concerned that SB 24-205 would impose significant costs and burdens on companies with employees, customers or other stakeholders in Colorado. 

Many technology industry participants would rather kiss a Wookiee than comply with SB 24-205 and expressed concern that SB 24-205 would cause technology companies to avoid Colorado due to its burdensome requirements.

Continue Reading Colorado Act Legislation: The AI Strikes Back

Among the growing number of state AI statutes, multiple states have now enacted laws governing the use of artificial intelligence technology by health insurers when determining whether or not to cover claims.

This article outlines some considerations for insurers, focusing on Nebraska, Georgia and Colorado statutes. 

Continue Reading AI and Insurance Claims: Beware Fully Automated Decision Making

Last week, on May 8, 2026, the public comment period for New York City’s own version of the “click-to-cancel rule” closed. The proposed rule (NYC Subscription Rule) was issued following an Executive Order from January 2026 by New York City Mayor, Zohran Mamdani, which focuses on ensuring New Yorkers are not forced to remain in unwanted subscriptions.

This Executive Order focuses on ensuring New Yorkers are not stuck with subscriptions. Under the Executive Order, NYC’s Department of Consumer and Work Protection (DCWP) will prioritize monitoring, investigating and taking enforcement action against subscription-related practices that deceive or mislead consumers.

Continue Reading Click‑to‑Cancel Comes to NYC: The Big Apple Cracks Down on Bad Apples (i.e., Bad Subscription Practices)

State privacy regulators continue to focus on consumers’ rights to opt out of the sale of personal information and targeted advertising, signaling that this issue remains a top enforcement priority across the United States.

As comprehensive state privacy laws mature, regulators are increasingly emphasizing not just the existence of opt‑out mechanisms, but whether businesses are properly honoring them in practice, particularly when those signals are conveyed through universal opt‑out tools such as the Global Privacy Control.

Continue Reading States Continue to Focus on the Right to Opt‑Out of the Sale of Personal Information and Targeted Advertising

Last week, the House Energy and Commerce and Financial Services Committees announced a joint effort to advance two new data privacy bills:  the Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act (the SECURE Data Act) and the Guidelines for Use, Access, and Responsible Disclosure of Financial Data Act (the GUARD Financial Data Act).

(At minimum, points to Congress for the acronyms).

If you have been watching federal privacy legislation over the past few years, the SECURE Data Act alone may not inspire much excitement. Congress has been attempting comprehensive federal privacy legislation for years without much success, and this bill follows that tradition of ambition. That said, the SECURE Data Act is the result of over a year of work by the House Energy and Commerce Data Privacy Working Group and contains a few notable developments worth paying attention to. This package also includes a serious, targeted effort to modernize the Gramm-Leach-Bliley Act (the GLBA) through the GUARD Financial Data Act.

Below, we overview both bills, briefly explain why comprehensive federal privacy legislation has historically stalled, and discuss what this means for businesses today.

Continue Reading A New Push for Federal Privacy Law: What to Know About SECURE and GUARD

We have another one! We wrote last week about Oklahoma’s new consumer protection law. Now, Alabama has passed its own comprehensive privacy law. The Alabama Personal Data Protection Act, House Bill 351, (the  Law) will go into effect on May 1, 2027.

Here is a general summary of what to expect:

Continue Reading “Sweet Home, Data Privacy” – Alabama’s New Privacy Law is Coming Online in 2027

Oklahoma has joined the growing chorus of states enacting comprehensive consumer privacy legislation. With the passage of Senate Bill 546, the Sooner State has a new data protection framework taking effect on January 1, 2027.

Here is what businesses need to know.

Continue Reading “Oh What a Beautiful Morning” for Oklahoma Privacy:  Key Takeaways from the Sooner States’ New Consumer Data Protection Law

On April 22, 2026, the Federal Trade Commission will begin enforcing compliance with its most recent amendments to the Children’s Online Privacy Protection Rule (the COPPA Rule). As discussed in more detail below, the FTC published amendments in a 2025 final rule that, among other updates, expands the scope of the COPPA Rule, expands notice requirements, and requires specific data retention and information security policies and procedures.

Continue Reading Enforcement Begins Soon for Significant COPPA Rule Amendments

In the payments world, commentators note Illinois’ recent Interchange Fee Prohibition Act, which prohibits charging interchange fees on the tax or tip portions of processed transactions.

Key portions of the law take effect July 1.

Continue Reading Payments and Privacy – What Issues Should Payment Service Providers Be Paying Attention To?