Data Matters In Cybersecurity

In Bradley v. DentalPlans.com, 2026 WL 788856 (D. Md. Mar. 20, 2026), a federal district court in Maryland held that the Telephone Consumer Protection Act (TCPA or Act) does not require written consent before a person can receive automated or prerecorded telemarketing calls. The decision adds to a growing list of post-Loper Bright cases rejecting a rule by the Federal Communications Commission (FCC or Commission) requiring written (rather than verbal) consent. The post Maryland District Court Relies on <em>Loper Bright</em> to Hold Written Consent for Telemarketing Calls Not Required appeared first on Data Matters Privacy Blog.

For many years, the privacy community took the position that the state of California was the leading data privacy regulator. The state of New York, with its active cyber enforcement by the New York Department of Financial Services, was a close second. However, in the past two years, Texas has emerged not only as a significant privacy regulator but also as an aggressive enforcer of its laws. The post There’s a New Sheriff in Town — Texas as Privacy Regulator appeared first on Data Matters Privacy Blog.

On March 20, 2026, the U.S. Court of Appeals for the Fifth Circuit granted Intuit’s petition for review and vacated a cease-and-desist order from the U.S. Federal Trade Commission (FTC or Commission) related to Intuit’s marketing of TurboTax because “[f]ollowing the Supreme Court’s decision in SEC v. Jarkesy … the adjudication of a deceptive advertising claim before an administrative law judge [ALJ] violated the constitutional separation of powers.”1 The post Fifth Circuit Holds U.S. FTC’s In-House Adjudication of Deceptive Advertising Claim Unconstitutional Under <em>Jarkesy</em> appeared first on Data Matters Privacy Blog.

On March 17, 2026, the U.S. SEC issued a commission-level interpretive release, “Application of the Federal Securities Laws to Certain Types of Crypto Assets and Certain Transactions Involving Crypto Assets” (the Interpretation.)1 The Interpretation is the SEC’s most comprehensive statement to date on the application of the Securities Act of 1933 and the Securities Exchange Act of 1934 (together, the Securities Laws) to crypto assets and provides market participants with meaningful certainty. The post SEC Releases Landmark Interpretation on Application of U.S. Securities Laws to Crypto Assets, in Coordination With CFTC appeared first on Data Matters Privacy Blog.

The New Cyber Doctrine of the United States: The Trump Administration Issues Cyber Strategy and Executive Order Targeting Cybercrime On March 6, 2026, the Trump Administration released President Trump’s Cyber Strategy for America, and an Executive Order targeting cyber-enabled crime, fraud, and predatory schemes.   Together these documents do more than merely outline the Administration’s response to cyber threats; they articulate a new cyber doctrine centered on imposing costs on adversaries and mobilizing both government and private-sector capabilities at scale. The post The New Cyber Doctrine of the United States: The Trump Administration Issues Cyber Strategy and Executive Order Targeting Cybercrime appeared first on Data Matters Privacy Blog.

On February 25, 2026, the U.S. Office of the Comptroller of the Currency (OCC) issued a Notice of Proposed Rulemaking (NPRM) that would establish a federal framework for issuance and administration of payment stablecoins by permitted payment stablecoin issuers (PPSIs). The NPRM would implement the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act) by, among other things, establishing approval requirements, permissible and prohibited activities, reserve standards, redemption obligations, capital and operational safeguards, and reporting expectations for permitted payment stablecoin issuers. PPSIs also would be integrated into the OCC’s broader prudential framework, including its capital, assessment, and enforcement authorities. The post U.S. Office of the Comptroller of the Currency Proposes Comprehensive Supervisory Framework for Payment Stablecoins Under GENIUS Act appeared first on Data Matters Privacy Blog.

State attorneys general increasingly are asserting authority in an area once viewed as the exclusive province of federal national security regulators — scrutinizing who can access sensitive personal data of U.S. persons, where that data flows, and whether foreign governments have legal rights or practical means to control or obtain the data. Recent actions by Florida, Texas, and Arizona Attorneys General illustrate a clear and accelerating trend — national security concerns are no longer abstract policy considerations in the data privacy space; they are becoming a basis for hands-on investigative and enforcement activity at the state level, increasingly aligned with parallel developments at the federal level. The post From Tallahassee to Phoenix: States Move to Enforce National Security Limits on Access to Americans’ Sensitive Personal Data appeared first on Data Matters Privacy Blog.

In February 2026, two federal courts drew national attention by addressing generative AI in the privilege context. At first glance, the decisions appear incongruent: one denied privilege where AI was used; the other upheld work product protection in a similar context. Yet neither decision announced a shift in privilege law. Each applied existing principles to new factual settings. The practical implications are straightforward: understand the confidentiality terms governing AI platforms, ensure appropriate attorney involvement where privilege is sought, and maintain disciplined policies around AI-assisted legal analysis. The post Generative AI and Privilege: Practical Lessons from Two Early Decisions and What Comes Next appeared first on Data Matters Privacy Blog.

Last week, the House Energy and Commerce Committee voted to send the Right to Equitable and Professional Auto Industry Repair (REPAIR) Act to the full U.S. House of Representatives for consideration. This legislation, if enacted, would give car owners access to their vehicle-generated data and repair data and tools from vehicle manufacturers. It would also grant owners certain rights over the use of that data, including the right to delete it, and would prevent recipients of vehicle-generated data from selling, transferring, or licensing that data absent certain exceptions. As indicated by its name, the REPAIR Act is reflective of the so-called “right to repair” movement to allow consumers and independent repair shops access to the same data for repair and maintenance that manufacturers make available to themselves or franchised dealers. It also has important implications for data privacy in modern vehicles, which generate increasingly large volumes of information. The post Congress Considers Right to Repair Bill for Vehicle Owners appeared first on Data Matters Privacy Blog.

On January 31, 2026, the governments of Japan and the United Kingdom announced they were strengthening their cybersecurity collaboration through a bilateral Strategic Cyber Partnership (Partnership). The post Geopolitics and Cybersecurity: Japan and the UK Announce Strategic Cyber Partnership Among Growing Global Focus on Privacy and Cyber Risks Posed by Foreign Actors appeared first on Data Matters Privacy Blog.