Showing Posts In "Data Protection and Privacy" Category
Navigating The Kentucky Consumer Data Protection Act: A Compliance Guide for Businesses
The Kentucky Consumer Data Protection Act (KCDPA), which recently took effect, introduces new rights for consumers and obligations for businesses handling personal data. It grants individuals rights to access, correct, delete, and obtain copies of their data, as well as opt out of targeted advertising and data sales. Businesses must ensure transparency, limit data use, […]
No Slowing Down: Three More State Privacy Laws Take Effect
Three additional state privacy laws in Indiana, Kentucky, and Rhode Island took effect in 2026, expanding the U.S. total to about 20 comprehensive state privacy regimes. These laws largely follow existing frameworks but introduce varying thresholds and requirements, further complicating compliance for businesses operating across states. Organizations must assess applicability, update disclosures, and align data […]
Data Inventories: A First Step for Practical Privacy Compliance
Data inventories are a foundational step for practical privacy compliance, enabling organizations to understand what personal data they collect, how it is used, where it is stored, and with whom it is shared. A well-maintained inventory supports legal obligations, improves governance, and aligns privacy practices with actual operations. Inventories should be living tools involving cross-functional […]
California’s Risk Assessment Requirement Under the CCPA: What It Is, When It Applies, and How to Approach It
California’s new risk assessment requirement under the CCPA, effective in 2026, mandates that businesses evaluate high-risk data processing before implementation. Covered activities include selling data, processing sensitive information, and using automated decision-making technologies. Assessments must balance risks to consumers against benefits, document purposes, data use, and safeguards, and involve key stakeholders. The requirement emphasizes proactive […]
Alabama Set to Add Variation to US State Privacy Patchwork
Alabama is advancing a comprehensive consumer data privacy bill that would add a new variation to the growing patchwork of U.S. state privacy laws. The legislation sets relatively low thresholds for applicability, potentially covering more businesses, and includes unique provisions around data sales and enforcement by the attorney general. While it aims to balance consumer […]
US Lawyers Fire Up Privacy Class Action Accusing Lenovo of Bulk Data Transfers to China
A 2026 U.S. class action lawsuit accuses Lenovo of unlawfully transferring Americans’ personal data to China. The complaint alleges the company used website tracking tools to collect detailed user information—such as browsing activity and identifiers — and shared it with third parties and its Chinese parent, potentially violating U.S. Department of Justice data transfer rules. […]
IAPP Global Privacy Summit 2026: State AI Trends, FTC Signals, California’s DROP Build-Out, and the Hard Work of Cookie Compliance
At the 2026 IAPP Global Privacy Summit, regulators and experts emphasized that privacy compliance must move from theory to operational practice, especially as AI and data use grow more complex. Key themes included increased state-level AI regulation focused on transparency and accountability, evolving FTC enforcement priorities centered on effective remedies, and the need for ongoing, […]
State Enforcers Step Up Scrutiny of Foreign Data Transfers: What Organizations Should Know
State regulators are increasing scrutiny of foreign data transfers, especially involving sensitive personal data like biometric, location, and health information. With no comprehensive federal privacy law, states are stepping up enforcement and targeting companies that transfer large volumes of data overseas. Businesses must assess data flows, strengthen safeguards, and ensure compliance with evolving state laws. […]
Oklahoma’s New Consumer Privacy Law and Data Breach Updates: What Businesses Need to Know
Oklahoma enacted the Oklahoma Consumer Data Privacy Act, signed on March 20, 2026, which takes effect January 1, 2027, adding the state to the growing list of comprehensive privacy regimes. The law applies to businesses meeting specific data‑processing thresholds and grants residents rights to access, correct, delete, and opt out of personal data uses. It also updates breach notification […]
The Compliance Tightrope: Balancing Uniformity and Precision Across U.S. State Consumer Privacy Laws
U.S. businesses face growing challenges in complying with a rapidly expanding patchwork of state consumer privacy laws, due to the absence of a single federal framework. While many states share similar core consumer rights, key differences in definitions, thresholds, and obligations create significant complexity. Companies must balance two strategies — adopting a uniform national approach […]
SUBSCRIBE TO OUR NEWSLETTERS
The Global Background Screener
The Background Buzz!
(U.S. Background Screening
E-Magazine)