Connect with us
Client Portals
State-level data privacy laws are rapidly spreading across the U.S., creating a complex patchwork that even small businesses must navigate. Compliance involves understanding which laws apply, updating privacy policies, managing consumer data requests, and securing…
California’s SB 53 requires large AI developers (≥$500M revenue) to publicly disclose safety frameworks, report critical risks, and protect whistleblowers. The law establishes a reporting system for safety incidents, penalties up to $1 million, and a government…
Over 3.3 million people had sensitive personal data exposed in a cyberattack on DISA Global Solutions, a major US employee screening company. The breach, occurring Feb. 9, 2024, went undetected until April 22, and may have exposed Social Security numbers, financial…
Starting July 1, 2025, Colorado’s Biometric Data Privacy Amendment introduces strict requirements for collectingbiometric data from individuals, including employees and job applicants. Employers must obtain limited-purposeconsent, follow a strict data deletion…
A U.S. company faces GDPR obligations only if it intentionally “targets” people in the EU—through European-languagemarketing, EU domains, EU payment or shipping options, or dedicated contacts. Minimal incidental access (e.g. aEuropean visiting the site) generally does…
With no federal data privacy law, 20 states have enacted laws and ramped up enforcement. California fined Healthline$1.55 million for CCPA violations involving tracking technologies and poor disclosures. Connecticut finedTicketNetwork $85,000 for deficient privacy…
The Texas Responsible AI Governance Act, effective January 2026, applies to businesses using AI systems in Texasor serving Texas residents. Compliance requires clear policies on AI purpose, data use, performance evaluation, postdeployment monitoring, user safeguards,…
Tennessee’s Information Protection Act (TIPA), effective July 2025, regulates businesses operating in Tennessee orserving its residents with over $25 million revenue and significant personal data handling. It grants consumers rights toaccess, correct, delete data, and…
Effective July 1, 2025, Colorado’s Privacy Act expands to impose obligations on any organization handling biometricidentifiers or biometric data, even if previously exempt. Required actions include clear prior notice, informed consent, apublic written policy with…
On July 1, 2025, California’s Attorney General secured a landmark $1.55 million settlement with Healthline—thelargest to date under the CCPA. Healthline was found to have failed to honor opt-out requests, improperly sharedsensitive health-related article titles, and…