Privacy

The 2025 legislative cycle marked a pivotal year in U.S. privacy law, defined not only by continued nationwide expansion into AI) governance, children’s and teen privacy and online safety, as well as emerging data categories. In this article, we detail what enterprises need to be prepared for in 2026 and explain why we believe next year will be a watershed period for consumer privacy in the U.S.

Businesses subject to the CCPA now must conduct risk assessments for certain types of processing activities and, starting in 2028, must certify to California regulators that they completed the assessments.

The U.S. Supreme Court will consider if Internet users can sue websites for sharing their data with Facebook under the 1988 law aimed at protecting customers' private video rental history.

As we enter 2026, the winners will be those who operationalize compliance as a capability by linking AI governance, privacy discipline, and cybersecurity resilience to business enablement.

As we kick off the new year, we asked several members of Taft’s Privacy, Security, and Artificial Intelligence practice group to share their thoughts on what should be on a client’s list of resolutions for 2026.

An annual tradition continues at Cybersecurity Law & Strategy as we poll our panel of experts on the key developments of 2025 and what we can expect in 2026 in AI, privacy, e-discovery and other areas of legal tech.

APAC is awash with recent changes in AI, privacy and cybersecurity regulations. Part one of this article examined the specifics of those changes and the paradigm shift they are precipitating. Part two explores the real-world implications of those changes and key takeaways for compliance teams.

The increasing prevalence of cyberstalking, harmful deepfakes and online harassment is creating profound risks for individuals and organizations. So much so that Congress has implemented a federal statute designed to shift liability toward online platforms and provide victims with enforceable removal rights.