Privacy & Cybersecurity Law Blog

On April 1, 2026, the U.S. Court of Appeals for the Seventh Circuit held that the 2024 amendment to Illinois’ Biometric Information Privacy Act, limiting damages, applies retroactively to pending cases.

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

As reported on the Hunton Employment & Labor Perspectives blog, SB 574 is a California bill that would set specific duties for attorneys who use generative artificial intelligence and would restrict how arbitrators may use such tools in decision-making.

On March 25, 2026, the UK Information Commissioner’s Office and the UK Office of Communications released a joint statement addressing the intersection of online safety and data protection in relation to age assurance.

On March 23, 2026, South Dakota Governor Larry Rhoden signed Senate Bill 49, a new law designed to “safeguard the integrity, privacy, and security of consumer genetic data,” which takes effect on July 1, 2026.

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

On March 23, 2026, the UK Information Commissioner's Office released new guidance clarifying the use of the new recognized legitimate interest lawful basis for processing personal information under UK data protection law.

On March 3, 2026, the Virginia Attorney General appealed a federal court’s grant of a preliminary injunction barring the enforcement of a new Virginia law requiring age verification and a time limit on social media use by minors under the age of 16 pending a final determination on the merits.    

On March 3, 2026, the CalPrivacy announced its first enforcement action involving student privacy, requiring PlayOn Sports to pay a $1.10 million fine for alleged violations of the CCPA’s opt-out rights and requirements.

Recent changes to 42 CFR Part 2 mean many covered entities must update their HIPAA Notices of Privacy Practices by February 16, 2026.