Privacy & Cybersecurity Law Blog

On March 25, 2026, New Jersey enacted a new law restricting health care facilities’ collection and disclosure of certain patient information, including immigration status, citizenship status, place of birth, Social Security number and individual taxpayer identification number.

On March 24, 2026, Washington Governor Bob Ferguson signed House Bill 2225, an Act regulating artificial intelligence companion chatbots.

On April 1, 2026, the U.S. Court of Appeals for the Seventh Circuit held that the 2024 amendment to Illinois’ Biometric Information Privacy Act, limiting damages, applies retroactively to pending cases.

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

As reported on the Hunton Employment & Labor Perspectives blog, SB 574 is a California bill that would set specific duties for attorneys who use generative artificial intelligence and would restrict how arbitrators may use such tools in decision-making.

On March 25, 2026, the UK Information Commissioner’s Office and the UK Office of Communications released a joint statement addressing the intersection of online safety and data protection in relation to age assurance.

On March 23, 2026, South Dakota Governor Larry Rhoden signed Senate Bill 49, a new law designed to “safeguard the integrity, privacy, and security of consumer genetic data,” which takes effect on July 1, 2026.

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

On March 23, 2026, the UK Information Commissioner's Office released new guidance clarifying the use of the new recognized legitimate interest lawful basis for processing personal information under UK data protection law.

On March 3, 2026, the Virginia Attorney General appealed a federal court’s grant of a preliminary injunction barring the enforcement of a new Virginia law requiring age verification and a time limit on social media use by minors under the age of 16 pending a final determination on the merits.