privacy

Connecticut Updates Its Data Privacy Act, Imposing Significant New Privacy Requirements

By Tracy Shapiro, Maneesha Mithal, Edward Holman & Michelle Ullman on June 5, 2026

Last month, the Connecticut legislature passed two bills that amend and expand the Connecticut Data Privacy Act (CTDPA): Senate Bill 4 (SB 4) and House Bill 5222 (HB 5222). SB 4 (which was signed into law on May 27, 2026) and HB 5222 (which amends parts of SB 4 and was signed into law on June 2, 2026) contain new requirements for businesses and data brokers operating in the Constitution State.

2026 Year in Preview: U.S. Data, Privacy, and Cybersecurity Prediction

By Christopher Olsen, Maneesha Mithal, Kelly Singleton, Demian Ahn, Colin Black, Rebecca Weitzel Garcia & Doo Lee on January 6, 2026

Posted in Cybersecurity, Privacy

As we ring in the new year, we want to make you aware of key issues that we expect lawmakers and regulators to focus on this year. Below are the top U.S. data, privacy, and cybersecurity issues to watch out for in 2026:

Texas District Court Vacates 2024 HIPAA Rule Designed to Enhance Reproductive Healthcare Privacy, Effective Nationwide

By Jodi Daniel, Tracy Shapiro, Lidia Niecko-Najjum, Hale Melnick & Yeji Kim on July 3, 2025

Posted in Privacy

On June 18, 2025, the United States District Court for the Northern District of Texas vacated most of the rules designed to enhance reproductive healthcare privacy promulgated by the U.S. Department of Health and Human Services (HHS) in 2024. More specifically, the court ruled in Purl v. United States Department of Health and Human Services et al, No. 2:2024cv00228 (N.D. Tex. 2025) (the Decision) that the “Health Insurance Portability and Accountability Act Privacy Rule to Support Reproductive Health Care Privacy” (the “2024 HIPAA Rule”) is contrary to law because it unlawfully limits state public health laws; impermissibly redefines certain terms in contravention of federal law and in excess of statutory authority; and exceeds HHS’s authority. Regulations promulgated under HIPAA prior to the 2024 HIPAA Rule remain unchanged.

Utah Enacts Mental Health Chatbot Law

By Maneesha Mithal, Andrea Linna, Hale Melnick, Nawa Lodin & Kristen Abram on April 15, 2025

Posted in Privacy

On March 25, 2025, Utah Governor Spencer Cox signed HB 452, which establishes new rules for the use of artificial intelligence (AI) mental health chatbots accessible to any “Utah user,” defined as, “an individual located in the state at the time the individual accesses or uses a mental health chatbot.” Digital health companies and AI chatbot providers should take note of this new law to ensure compliance with its requirements.

New Federal Children’s Privacy Requirements Are Not Child’s Play: FTC Amends COPPA Rule, Imposing New Obligations on Child-Directed Services

By Libby Weingarten, Tracy Shapiro & Rebecca Weitzel Garcia on January 29, 2025

Posted in Privacy

Companies that may have child users, or whose competitors have child users, take note. On January 16, 2025, the Federal Trade Commission (FTC) announced the final amendments to the Children’s Online Privacy Protection Rule (COPPA Rule). At a high level, the COPPA Rule requires websites or online services to provide notice and obtain verifiable parental consent before collecting information from children under the age of 13. The Rule’s amendments slightly expand the Rule’s scope, change the previous notice and consent provisions, and implement new data security requirements. Violations of the Rule would be subject to $53,088 in civil penalties per violation.

Increased Focus on the Protection of Minors and Age Verification in the EU and the UK

By Marie Catherine Ducharme, Yann Padova, Cédric Burton & Tom Evans on January 9, 2025

Posted in Privacy

Legislators and regulators across the European Union (EU) and the United Kingdom (UK) are intensifying efforts to enhance the protection of minors online, responding to growing concerns about children’s safety in the digital space. Recent regulations (including the EU Digital Services Act) and guidance impose increasingly strict obligations for providers to restrict access to harmful content for children.

New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

By Maneesha Mithal, Christopher Olsen, Demian Ahn & Rebecca Weitzel Garcia on January 7, 2025

Posted in Privacy

With Inauguration Day just around the corner, we are likely to see a host of new legislative and enforcement initiatives at the federal level. The Federal Trade Commission (FTC) will shift certain priorities under incoming Chairman Andrew Ferguson’s direction. And at the state level, legislatures and state attorneys general (state AGs) will continue to be active, enacting and enforcing a slate of new laws. As we ring in the new year, companies should be mindful of the new laws, regulations, and enforcement priorities that will likely impact them. Below are the top 10 U.S. privacy, cybersecurity, and consumer protection developments to watch out for in 2025:

The Data Advisor

privacy

Connecticut Updates Its Data Privacy Act, Imposing Significant New Privacy Requirements

2026 Year in Preview: U.S. Data, Privacy, and Cybersecurity Prediction

Texas District Court Vacates 2024 HIPAA Rule Designed to Enhance Reproductive Healthcare Privacy, Effective Nationwide

Utah Enacts Mental Health Chatbot Law

New Federal Children’s Privacy Requirements Are Not Child’s Play: FTC Amends COPPA Rule, Imposing New Obligations on Child-Directed Services

Increased Focus on the Protection of Minors and Age Verification in the EU and the UK

New Year, New Developments: 2025 U.S. Privacy, Cybersecurity, and Consumer Protection Predictions

ABOUT OUR DATA, PRIVACY, AND CYBERSECURITY PRACTICE