Last week, the House Energy and Commerce and Financial Services Committees announced a joint effort to advance two new data privacy bills:  the Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act (the SECURE Data Act) and the Guidelines for Use, Access, and Responsible Disclosure of Financial Data Act (the GUARD Financial Data Act).

(At minimum, points to Congress for the acronyms).

If you have been watching federal privacy legislation over the past few years, the SECURE Data Act alone may not inspire much excitement. Congress has been attempting comprehensive federal privacy legislation for years without much success, and this bill follows that tradition of ambition. That said, the SECURE Data Act is the result of over a year of work by the House Energy and Commerce Data Privacy Working Group and contains a few notable developments worth paying attention to. This package also includes a serious, targeted effort to modernize the Gramm-Leach-Bliley Act (the GLBA) through the GUARD Financial Data Act.

Below, we overview both bills, briefly explain why comprehensive federal privacy legislation has historically stalled, and discuss what this means for businesses today.

Continue Reading A New Push for Federal Privacy Law: What to Know About SECURE and GUARD

We have another one! We wrote last week about Oklahoma’s new consumer protection law. Now, Alabama has passed its own comprehensive privacy law. The Alabama Personal Data Protection Act, House Bill 351, (the  Law) will go into effect on May 1, 2027.

Here is a general summary of what to expect:

Continue Reading “Sweet Home, Data Privacy” – Alabama’s New Privacy Law is Coming Online in 2027

Oklahoma has joined the growing chorus of states enacting comprehensive consumer privacy legislation. With the passage of Senate Bill 546, the Sooner State has a new data protection framework taking effect on January 1, 2027.

Here is what businesses need to know.

Continue Reading “Oh What a Beautiful Morning” for Oklahoma Privacy:  Key Takeaways from the Sooner States’ New Consumer Data Protection Law

On April 22, 2026, the Federal Trade Commission will begin enforcing compliance with its most recent amendments to the Children’s Online Privacy Protection Rule (the COPPA Rule). As discussed in more detail below, the FTC published amendments in a 2025 final rule that, among other updates, expands the scope of the COPPA Rule, expands notice requirements, and requires specific data retention and information security policies and procedures.

Continue Reading Enforcement Begins Soon for Significant COPPA Rule Amendments

In the payments world, commentators note Illinois’ recent Interchange Fee Prohibition Act, which prohibits charging interchange fees on the tax or tip portions of processed transactions.

Key portions of the law take effect July 1.

Continue Reading Payments and Privacy – What Issues Should Payment Service Providers Be Paying Attention To?

As previously reported, states such as California, Louisiana, Texas and Utah have adopted App Store Accountability (ASA) Laws. These new laws require app store operators (e.g., Apple and Google) along with app developers (i.e., the business that owns the app) to implement safeguards for age verification. While these laws are framed as child-protection measures, their impact is universal. Every app must comply, regardless of its audience. For businesses, meeting the requirements outlined in ASA Laws is mandatory for apps to remain available for download.

Louisiana, Texas and Utah’s laws are similar and take effect at various points in 2026, while California’s Digital Age Assurance Act (CA ASA Law) is unique and takes effect January 1, 2027. This is what businesses should know about the unique features of the CA ASA Law.

Continue Reading A Deeper Dive Into California’s App Store Accountability Law

The Federal Trade Commission (FTC) is once again taking aim at its Negative Option Rule, signaling a renewed effort to address deceptive subscription and automatic renewal practices.

On March 11, 2026, the FTC released an Advance Notice of Proposed Rulemaking (ANPRM) seeking input on whether the rule should be updated to reflect today’s subscription‑driven marketplace. The agency emphasized that negative option programs continue to generate substantial consumer frustration, including more than 100,000 complaints over the past five years.

Continue Reading FTC’s Negative Option Rule Revived – Public Comment Period

From California to Texas to Ohio, lawmakers are increasingly turning to age-verification requirements to protect children online. These laws target a range of concerns, with a growing body of research suggesting that certain online activities may pose risks to children’s mental health and well-being.

At the same time, privacy laws continue to proliferate across the United States, many of which emphasize data minimization and limitations on the use of sensitive personal information. This creates a growing tension. Protecting children online may require companies to collect more personal data than they otherwise would, and potentially subject themselves to additional privacy requirements and consumer concerns.

Continue Reading Collection for Protection: The Age-Verification Paradox

The use of AI in hiring and employment contexts has become a special area of interest for U.S. state legislatures in recent years. Does your business utilize AI solutions for recruiting, hiring, or other HR-related functions? Are these teams planning on implementing such technologies to increase efficiency?

Several states have enacted laws specifically regulating the use of AI in these contexts. Human resources and hiring teams need to ensure that current and planned AI use is understood and that new legal risks are identified and addressed.

Continue Reading The Use of AI in Interviewing, Hiring, and HR

The Video Privacy Protection Act (VPPA), signed into law by President Ronald Reagan on November 18, 1988, grew out of one of Washington’s more underwhelming privacy scandals. During Judge Robert Bork’s Supreme Court confirmation hearings, a newspaper published his video rental history, which had been leaked by a video store clerk. This incident was intended to reveal his character but revealed nothing too controversial; the Bork Tapes showed that Judge Bork was partial to Alfred Hitchcock films, spy thrillers, and British costume dramas. Indeed, the enduring legacy of the Bork Tapes was not salacious, but legislative— the episode sparked bipartisan concern that something as personal as an individual’s viewing habits could be exposed without consent. In response, Congress moved swiftly to pass the VPPA, a law designed to shield Americans from unwarranted intrusions into their video rental and viewing records.

Continue Reading Defining “Consumer” in the Digital Age: The Supreme Court Takes Up the VPPA Divide