On February 3, 2026, the UK Information Commissioner’s Office publicly confirmed that it has launched formal investigations into X Internet Unlimited Company and X.AI LLC, focused on the Grok artificial intelligence system.Continue Reading ›
Understanding California Cyber Audit Requirements
Under new regulations effective January 1, 2026, California regulators now expect businesses to conduct an annual “cybersecurity audit” that assesses “how the business’s cybersecurity program protects personal information from unauthorized access, destruction, use, modification, or disclosure; and protects against unauthorized activity resulting in the loss of availability of personal information.”
Now is the time to
UK: Commencement of the data protection provisions in the Data (Use and Access) Act
On 5 February 2026, the main changes to data protection legislation in Part 5 of the Data (Use and Access) Act 2025 (“DUAA”) came into force.
The DUAA was passed and received Royal Assent on 19 June 2025. Although some of the DUUA provisions came into force automatically, many of the reforms need to be
New CCPA Risk Assessment Requirements Now In Effect
Under newly implemented regulations of the California Consumer Privacy Act (CCPA), California now requires a formal risk assessment “before initiating any processing activity” of certain (sensitive) sorts. The regulation explicitly contemplates that businesses will complete risk assessments now, in 2026.
Eventually, such risk assessments – including those completed this year – must be signed by
Year in Review: 2025 Artificial Intelligence-Privacy Litigation Trends
In 2025, state and federal officials continued scrutinizing the data privacy aspects of artificial intelligence (AI) systems, with enforcement agencies focusing on deceptive marketing claims, opaque data use disclosures, and potential risks to children stemming from chatbots and AI enabled customer interaction tools.
California Data Broker Registration Deadline Arrives Jan. 31, Applying to More Businesses Than Ever
Data brokers who offered brokerage services in California in 2025 must register or re-register their status with the state’s data broker registry by Jan. 31, 2026.
In-scope companies that fail to do so may be liable for administrative fines or even reasonable expenses incurred by the CalPrivacy regulator in investigating and bringing an administrative action
Top 10 Privacy, AI & Cybersecurity Issues for 2026
As Data Privacy Day 2026 approaches, organizations face an inflection point in privacy, artificial intelligence, and cybersecurity compliance. The pace of technological adoption, in particular AI tools, continues to outstrip legal, governance, and risk frameworks. At the same time, regulators, plaintiffs, and businesses are increasingly focused on how data is collected, used, monitored, and safeguarded.
Privacy: Ten Things to Know
As we kick off a new year, may we at Taft be the first to wish you a happy Data Privacy Day! Yes, it is a thing. In the spirit of the Day, we thought of sharing ten things you may or may not know about privacy and maybe ways you can protect it better.
Year in Review: The Top Ten US Data Privacy Developments from 2025
In 2025, federal and state privacy activity grew through DOJ’s new Data Security Program and rising AI and child‑privacy laws, despite no new broad privacy bills.
Data Privacy Day 2026: What Changed on Jan. 1 — And What to Watch Next
Data Privacy Day offers a natural checkpoint to take stock of a fast‑moving legal landscape. As of January 1, 2026, several significant U.S. state privacy laws and regulatory updates are now live, with additional U.S. and global milestones queued up throughout 2026. Below we summarize important changes already in effect and highlight issues to monitor