Oklahoma Senate Bill 626, which amends Oklahoma’s Security Breach Notification Act, recently became law without the Governor’s signature. The legislation will go into effect Jan. 1, 2026. The amendments include...
Posts published by “Eric Rosenkoetter”
Eric Rosenkoetter is a principal at Maurice Wutscher LLP, and is focused on advising clients with respect to federal and state consumer financial protection laws and data privacy and security, and he is a Certified Information Privacy Professional though the International Association of Privacy Professionals. He also brings to the table experience as a litigator, chief compliance and ethics officer, director of legislative affairs, federal lobbyist, and administrative hearings officer. Eric earned his Juris Doctor from Washington University School of Law, and his Bachelor of Business Administration from Southern Methodist University. He is a member of the International Association of Privacy Professionals, the Receivables Management Association International (RMAI), and ACA International. He is admitted to practice law in Texas and Missouri and in the U.S. District Courts for the Northern, Southern, Eastern, and Western Districts of Texas. For more information, see https://mauricewutscher.com/attorneys/eric-rosenkoetter/
North Dakota Gov. Kelly Armstrong recently signed into law House Bill 1127 which is nearly identical to the Gramm-Leach-Bliley Act Safeguards Rule, including the more recent amendments regarding data breach notifications. The law will go into effect Aug. 1, 2025.
Virginia Gov. Glenn Youngkin on March 24 vetoed House Bill 2094, the “High-Risk Artificial Intelligence Developer and Deployer Act.” The veto can only be overridden by a two-thirds vote of the House, which seems unlikely given the close vote in the House on the Senate substitute (52-Y; 46-N).
Utah Gov. Spencer Cox on March 27 signed into law Senate Bill 226 relating to the use of generative artificial intelligence in consumer transactions and regulated services. The law goes into effect on May 7, 2025.
Kentucky Gov. Andy Beshear on March 15 signed into law House Bill 473, which amends the Kentucky Consumer Data Protection Act. The amendments will go into effect Jan. 1, 2026.
The upward trend in data privacy legislation continued in 2024. Narrowing the focus to “comprehensive” legislation, i.e., that which conveys certain rights to consumers and restricts the collection and use of their personal information, over 70 bills were filed.
New York Gov. Kathy Hochul recently signed into law A8872-A and S2659-B which amend New York’s data breach notification law.
Pennsylvania Gov. Josh Shapiro recently approved Senate Bill 824, which amends Pennsylvania’s data breach notification law, 73 Pa. Stat. Ann. § 2301, et seq.
Rhode Island Senate Bill 2500, the "Rhode Island Data Transparency and Privacy Protection Act," was enacted on June 28 without Gov. Dan McKee’s signature. The Act will go into effect Jan. 1, 2026.
Minnesota Gov. Tim Walz recently signed into law HF 4757, the Minnesota Consumer Data Privacy Act, making Minnesota the 18th state to enact a comprehensive consumer data privacy law. The Act will go into effect July 31, 2025.
Maryland Gov. Wes Moore on May 9 signed into law House Bill 567/Senate Bill 541, the Maryland Online Data Privacy Act of 2024, making Maryland the 17th state to enact a comprehensive consumer data privacy law.
The Massachusetts Office of Attorney General (“AGO”) recently issued an Advisory on the development, supply, and use of artificial intelligence (“AI”). The Advisory provides guidance in the context of the Massachusetts Consumer Protection Act,[1] Anti-Discrimination Law,[2] Data Security Law,[3] and associated regulations.