Connect with us
Client Portals
Indiana and Kentucky’s comprehensive data privacy laws take effect January 1, 2026, granting residents rights to access, correct, delete, or port their personal data and opt out of targeted advertising, sales, or profiling. Businesses meeting certain thresholds must…
Skyhigh Security launched a new data visibility and compliance dashboard within its DSPM Data Explorer, offering real-time, risk-focused insights across cloud and hybrid environments. The tool helps organizations identify, classify, and monitor sensitive data, assess…
The Consortium of Privacy Regulators is expanding, now including Minnesota and New Hampshire alongside eight other states to coordinate enforcement of comprehensive privacy laws. California’s CalPrivacy also launched a Data Broker Enforcement Strike Force to ensure…
Effective January 1, 2026, California employers with over $25 million in revenue must conduct privacy risk assessments before processing HR Data that presents significant privacy risks. Triggers include handling sensitive information, using automated decision-making…
State-level data privacy laws are rapidly spreading across the U.S., creating a complex patchwork that even small businesses must navigate. Compliance involves understanding which laws apply, updating privacy policies, managing consumer data requests, and securing…
California’s SB 53 requires large AI developers (≥$500M revenue) to publicly disclose safety frameworks, report critical risks, and protect whistleblowers. The law establishes a reporting system for safety incidents, penalties up to $1 million, and a government…
Over 3.3 million people had sensitive personal data exposed in a cyberattack on DISA Global Solutions, a major US employee screening company. The breach, occurring Feb. 9, 2024, went undetected until April 22, and may have exposed Social Security numbers, financial…
Starting July 1, 2025, Colorado’s Biometric Data Privacy Amendment introduces strict requirements for collectingbiometric data from individuals, including employees and job applicants. Employers must obtain limited-purposeconsent, follow a strict data deletion…
A U.S. company faces GDPR obligations only if it intentionally “targets” people in the EU—through European-languagemarketing, EU domains, EU payment or shipping options, or dedicated contacts. Minimal incidental access (e.g. aEuropean visiting the site) generally does…
With no federal data privacy law, 20 states have enacted laws and ramped up enforcement. California fined Healthline$1.55 million for CCPA violations involving tracking technologies and poor disclosures. Connecticut finedTicketNetwork $85,000 for deficient privacy…