The GLBA, signed into law by Clinton in 1998, covers data privacy for financial institutions. The law requires these institutions, including “companies that offer consumers financial products or services like loans, financial or investment advice, or insurance,” according to the Federal Trade Commission, to safeguard sensitive data and explain how it uses customer data. Select your state below for a detailed guide to its data privacy laws, including breach notification requirements, consumer rights, penalties, and relevant federal protections.
New Privacy, Data Protection and AI Laws in 2026
Since then, CISA—a key partner for critical infrastructure entities like data centers to defend against physical and digital threats—has largely been silent, according to Scott Algeier, executive director of the Information Technology – Information Sharing and Analysis Center. The Department of Homeland Security’s cyber agency, the Cybersecurity and Infrastructure Security Agency, had sought to investigate the interdependencies of data centers and how failures could cascade into sectors like healthcare. But that work came to a halt with the partial government shutdown, now in its third month. Salute’s Britt said he saw a wave of new inquiries about security offerings in the last few weeks; which he called “an incredible uptick.” Security solutions extend beyond fences, cameras https://newsgary.com/quantum-ai-the-convenient-platform-for-trading-in-the-financial-market.html and robot guard dogs to include biometric security checkpoints.
Global regulators‘ priorities
6 These reflect some of the common exemptions under these laws, but there are others available under the comprehensive privacy laws. 1 The Florida Digital Bill of Rights is arguably a comprehensive privacy law, but it applies under narrow circumstances (e.g., among other things, companies that have over $1 billion https://northfloridahouse.com/powerful-ai-algorithms-for-market-analysis-and-automation-of-trading-processes.html in global gross annual revenues). The Attorney General must provide companies with notice and a 45-day opportunity to cure before bringing an action. If the violation is not cured, a court may assess a civil penalty of up to $15,000 per violation. “It’s not necessarily clear what organizations are expected to do under the current FTC,” said Melissa Levine, a partner at the law firm Hogan Lovells who advises clients on privacy compliance.
Universal Consumer Rights
As an example, in July 2025, the California Attorney General’s Office entered into the largest settlement to date under the CCPA ($1.55 million), California’s comprehensive privacy law, with an online health information publisher. The AG’s office alleged that the company’s website, among other things, failed to honor consumer opt-out requests, improperly shared personal data collected on the website with third parties, and maintained an ineffective cookie banner. In addition, perhaps even more impactful than the settlement amount, the company was required to implement a number of corrective action measures that required additional time and resources. Typically, sensitive personal information (and children’s information) require consent before it can be collected or processed, and additional security measures. Specific U.S. data privacy laws should be checked for their definitions and requirements for sensitive personal data.
- The start of a new year is the perfect opportunity to examine the impact of existing, new and amended privacy laws to your business operations.
- Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals.
- It depends on the criteria, but Connecticut claims to have a consumer-friendly data privacy law, though California’s laws could be considered for that designation as well.
- At a minimum, these include the rights to access data, rectify inaccurate data, request erasure of personal data and not be subject to automated decision-making.
- We expect oversight and enforcement by state regulators to continue to grow as state regulators become increasingly familiar and comfortable with protecting individuals’ privacy rights.
- „Everybody’s worried about what a new company can do with the data — and that is a concern — but frankly some of the things that people are worried about, 23andMe already can do or already does,“ Prince said.
Five states (California, Maine, New Hampshire, New York, and Utah) enacted chatbot-specific laws emphasizing transparency and safety protocols, particularly for sensitive use cases involving mental health and emotional companionship. Meta “massively violates” European data protection law by processing personal data to “profile” Facebook users, yielding the tech giant billions in profits, the release said. Lastly, new modes of interagency collaboration on regulatory matters are emerging to address the complex legal challenges brought about by AI. For example, in the U.K., the Digital Regulation Cooperation Forum brings together the ICO, Competition and Markets Authority, Office of Communications, and Financial Conduct Authority to regulate online safety, particularly the use of algorithms. In the U.S., interagency cooperation has been led by the Justice Department, EEOC, CFPB, HHS, FTC and numerous other federal agencies on issues such as advancing equity in AI. As regulators continue to confront challenges at the nexus of AI, privacy, data protection, competition, civil rights and numerous other priorities, AI operators can expect to see more toolkits, recommendations and guidance on how existing legal protections should apply.
Still, he said data center members of the IT-ISAC—a group of IT sector organizations, including data centers, that shares cyber threat intelligence with each other—are regularly engaging with the FBI’s field office in Northern Virginia. But to this point, security requirements for the facilities have been largely driven by data center owners—many of whom are Silicon Valley giants. Meanwhile, they’re the ones responsible for protecting the data, largely through methods like encryption.