On June 16, 2026, the Delaware General Assembly passed HB 380, which would amend the Delaware Personal Data Privacy Act (DPDPA). The bill is currently awaiting the Delaware governor’s signature, and if signed, the amendments would take effect on January 1, 2027. The amendment would impose the following:
Continue Reading Delaware General Assembly Passes HB 380, an Amendment to the Delaware Personal Data Privacy Act
Libbie Canter
Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.
Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.
Chambers USA 2025 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is "incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions."
Rhode Island Enacts Genetic Privacy Law
In what continues to be a busy year for genetic privacy developments, Rhode Island has joined the growing number of states regulating direct-to-consumer (“DTC”) genetic testing with its recently enacted genetic privacy law, S 2203. With S 2203, Rhode Island is the fifth state to enact genetic privacy legislation this year, following Utah, South Dakota, Connecticut, and Vermont.
Continue Reading Rhode Island Enacts Genetic Privacy LawVermont Enacts Privacy Legislation to Regulate Health-Related Information
Vermont recently enacted two privacy bills to regulate health-related information. These include H.639, a genetic privacy bill regulating direct-to-consumer genetic testing companies, and the Vermont Data Privacy and Online Surveillance Act (S.71), a comprehensive privacy law that extends heightened protections to “consumer health data.” You can read our full…
Continue Reading Vermont Enacts Privacy Legislation to Regulate Health-Related InformationVermont Data Privacy Bill Signed into Law
On June 16, 2026, the Vermont Governor signed into law the Vermont Data Privacy and Online Surveillance Act, making Vermont the fourth state to enact a comprehensive data privacy law this year. The law will take effect on January 1, 2028.
Continue Reading Vermont Data Privacy Bill Signed into LawConnecticut Enacts Genetic Privacy Law
States continue to enact laws regulating genetic data. Since our last update, the Connecticut governor has signed SB 4, an omnibus privacy law which contains provisions regulating direct-to-consumer (“DTC”) genetic testing companies. You can read our full analysis of SB 4 here.
Continue Reading Connecticut Enacts Genetic Privacy LawAlabama Enacts Comprehensive Privacy Law
On April 17, 2026, the Governor of Alabama signed HB 351, Alabama Personal Data Protection Act (ALDPA), into law. The law resembles Connecticut’s data privacy statute, but omits certain requirements, such as a data protection impact assessment. Alabama follows Oklahoma as the second state to enact a comprehensive privacy…
Continue Reading Alabama Enacts Comprehensive Privacy LawSeventh Circuit Holds that BIPA Amendment Applies Retroactively
On April 1, 2026, the Seventh Circuit in Clay v. Union Pacific Railroad Company held that an amendment to the Illinois Biometric Information Privacy Act (BIPA), limiting damages to a per-person basis, applies retroactively to cases pending when the amendment was enacted in 2024. This decision limits the potential statutory damages plaintiffs may obtain for pending BIPA cases.
Continue Reading Seventh Circuit Holds that BIPA Amendment Applies RetroactivelyUtah and South Dakota Enact Genetic Privacy Laws as Other States Advance Bills
At the state level, genetic privacy remains a fast-moving topic, and states continue to introduce and advance bills regulating genetic data.
Continue Reading Utah and South Dakota Enact Genetic Privacy Laws as Other States Advance BillsCalPrivacy Fines PlayOn Sports for Insufficient Opt-Out Process
On February 27, 2026, CalPrivacy and PlayOn settled a CCPA claim for $1.1 million. PlayOn is a digital ticketing platform used by schools and other organizations for ticketing, streaming, fundraising, concessions, merchandise sales, and website management. The settlement resolves allegations that PlayOn unlawfully “sold” and “shared” users’ personal information without providing sufficient opt-outs and notice, in violation of the CCPA. This marks the agency’s first enforcement action involving students’ data privacy.
Continue Reading CalPrivacy Fines PlayOn Sports for Insufficient Opt-Out ProcessConnecticut Attorney General Releases 2025 CTDPA Enforcement Report
The Connecticut Office of the Attorney General (“OAG”) issued an updated Enforcement Report (“Enforcement Report”) under the Connecticut Data Privacy Act (“CTDPA”). The Enforcement Report discusses the OAG’s enforcement actions in 2025 and suggests some areas of focus from the regulator, summarized below.
Continue Reading Connecticut Attorney General Releases 2025 CTDPA Enforcement Report