• |

    Jun. 24, 2026

Vermont’s Stringent Privacy Law and Louisiana’s Fast Compliance Timeline Amplify Enforcement Risk

The AGs in Baton Rouge and Burlington have obtained comprehensive state privacy laws to enforce, bringing the total to 23 such laws in the U.S. The Louisiana Data Privacy Act largely follows a familiar template with a few divergences and a short runway before enforcement begins, while Vermont’s Data Privacy and Online Surveillance Act enters the elite group of strict states with a bundle of stringent demands. Vermont stands out for an expanded definition of PI that includes “derived data,” an explicit requirement to disclose data uses in AI training and a consumer right to request the specific third parties to whom their data has been sold. This article provides perspective on the distinctive compliance challenges that the two new laws pose and offers practical compliance steps that companies should prioritize, with commentary and recommendations from experts at Hinshaw & Culbertson, Kean Miller, Lewis Rice, McDermott Will & Schulte, and Red Clover Advisors. See “Alabama and Oklahoma Introduce Virginia-Style Privacy Laws” (May 6, 2026).

Ten Developments Reshaping Compliance Obligations As the GDPR Rounds Out Its First Decade

As the GDPR marks its 10th anniversary, it is entering a new phase of regulatory change that demands renewed attention from privacy teams. Proposed amendments, including through the Digital Omnibus, evolving guidance and heightened enforcement are reshaping how organizations must approach compliance. This article examines 10 important developments concerning the GDPR, distilling insights shared by Cooley attorneys during a firm presentation. See “What the E.U. Data Act Means for IoT Businesses Operating in Europe” (Apr. 15, 2026).

ACA Study Finds Widespread, but Limited, Implementation of AI

Although it may seem that AI is being deployed and embedded across the entire economy, uptake by financial services firms has been modest. “While most firms have begun to engage with AI, relatively few have translated that engagement into structured, scalable deployment,” according to ACA Group’s recent State of AI in Compliance and Operations report. This article synthesizes the key findings from the report and the insights from a related presentation by ACA Group on navigating agentic AI use, AI-related risks and a framework for developing robust AI governance. See “Benchmarking AI Uptake by Compliance Functions” (Dec. 3, 2025).

Most-Read Articles