The General Services Administration Federal Acquisition Service has released draft contract terms and conditions for AI-related procurements through a new proposed GSAR clause 552.239-7001, “Basic Safeguarding of Artificial Intelligence Systems” (February 2026), that would impose material new requirements on contractors and service providers supplying AI capabilities to the federal government. If adopted, the clause

On April 1, 2026, the U.S. Court of Appeals for the Seventh Circuit, which consolidated three interlocutory appeals, issued a significant ruling in Clay v. Union Pacific Railroad Co. that resolves the question of whether Illinois’s 2024 amendment to the Biometric Information Privacy Act (“BIPA”) applies retroactively to cases pending when it was enacted.

The California Privacy Protection Agency (CalPrivacy) is entering an aggressive new phase of privacy regulation and enforcement, of which companies doing business in California should be aware. CalPrivacy has already brought enforcement actions against many companies, maintains over 100 active investigations and has signaled an increased pace of enforcement.

Continue Reading CalPrivacy Ramps Up Privacy Enforcement

Data Privacy Day offers a natural checkpoint to take stock of a fast‑moving legal landscape. As of January 1, 2026, several significant U.S. state privacy laws and regulatory updates are now live, with additional U.S. and global milestones queued up throughout 2026. Below we summarize important changes already in effect and highlight issues to monitor as the year unfolds.

Continue Reading Data Privacy Day 2026: What Changed on Jan. 1 — And What to Watch Next

With Halloween lurking around the corner and as National Cybersecurity Awareness Month comes to a close, the McGuireWoods Data Privacy & Cybersecurity Practice Group reminds you to not wait to be spooked by a cybersecurity incident or haunted by the task of maintaining your cybersecurity program.

Today’s threat landscape is changing rapidly, accelerated ever more by the capabilities of AI and automation on both sides of the cyber battlefield. Organizations that stay ahead are using established cybersecurity frameworks to provide a strong architecture on which to continuously evolve their cybersecurity program, and are testing their response to the latest threats through tabletop exercises. By leveraging modern technologies, such as AI-enabled detection, zero trust architectures, automated configuration management, and secure-by-design engineering, leading organizations are making cybersecurity not just stronger, but measurably faster, leaner, and more resilient.

Continue Reading Halloween Reminder – Don’t Get Haunted by Hacks

California’s Invasion of Privacy Act (CIPA) is a 1967 criminal wiretapping statute being stretched to govern 2025-era internet technologies.  The result has been a patchwork of conflicting decisions that turn on hair-splitting distinctions about what it means to “read” a communication “in transit,” whether URLs and clickstream data constitute “contents,” and how third-party service providers fit within a statute that never contemplated real-time web analytics, session replay tools, or ad technology.

Continue Reading California’s CIPA Jurisprudence Is Unworkable: The Legislature Should Fix It—Starting With SB 690

In a significant step toward strengthening consumer privacy protections, the California Privacy Protection Agency (CPPA) board has officially adopted a comprehensive set of updates to the California Consumer Privacy Act (CCPA) regulations.  These long-anticipated regulations—covering cybersecurity audits, risk assessments, and automated decision-making technology (ADMT)—mark a pivotal shift in the state’s data privacy enforcement landscape.

Continue Reading New CCPA Rules Are Here: Is Your Business Ready for What’s Next?

Regulators of data privacy laws have expressed a desire in recent months to intensify enforcement around opt-out preference signals, also known as universal opt-out mechanisms (the “Opt-Out Signals”).

Opt-Out Signals allow consumers to automatically opt out of the sale and sharing of personal information for targeted advertising across all websites they may visit through an internet

In 2020, California was the first mover in state comprehensive privacy law legislation, a distinction it held for approximately three years before other states took similar action.  Indeed, eighteen additional states have passed their own privacy bills, along with many complementary laws related to children’s privacy, consumer health data privacy, biometric data privacy, and data broker practices.  Notwithstanding these efforts, California has retained its reputation as the most formidable state enforcer of privacy law protections—until now, at least.  As we explain, recent enforcement actions by the Attorneys General of Connecticut and Nebraska highlight an important shift: states beyond California are not only enacting laws aimed at safeguarding privacy, they are taking action to demonstrate that those laws have teeth.

Continue Reading State AGs Step Up Enforcement: Recent Lessons from Privacy Law Enforcement in Connecticut and Nebraska

Amazon’s recent announcement that it will invest at least $20 billion in cloud computing and AI data center campuses across Pennsylvania — a record‑breaking private investment in the state — marks a turning point in digital infrastructure build-out. Spanning sites in Luzerne and Bucks counties, the project promises 1,250 full‑time roles and thousands more in construction, while