https://www.mvalaw.com/data-points Fri, 13 Mar 2026 16:46:03 -0400 https://www.mvalaw.com/data-points/fifth-circuit-upends-longstanding-tcpa-written-consent-rule William "Bill" M. Butler data-points/fifth-circuit-upends-longstanding-tcpa-written-consent-rule Thu, 26 Feb 2026 09:00:01 -0500 Yesterday, the U.S. Court of Appeals for the Fifth Circuit held that telemarketing robocalls do not require written consent under the Telephone Consumer Protection Act of 1991 (“TCPA”). This landmark decision departs from longstanding interpretations of TCPA consent requirements.  And, importantly, it underscores how recent U.S. Supreme Court decisions curtailing deference to agency statutory interpretation opens the door for major change to regulatory frameworks.

]]> https://www.mvalaw.com/data-points/connecticut-data-privacy-act-updates-go-into-effect-this-year Anvi S. Yalavarthy data-points/connecticut-data-privacy-act-updates-go-into-effect-this-year Wed, 04 Feb 2026 09:00:02 -0500 Senate Bill 1295, entitled, An Act Concerning Broadband Internet, Gaming, Social Media, Online Services and Consumer Contracts (“Senate Bill 1295”, the “Senate Bill”, or the “Bill”), was passed by Connecticut legislature in June 2024 and was signed into law soon after. The Senate Bill amends various provisions of the Connecticut General Statutes, including various provisions of the Consumer Data Privacy and Online Monitoring Act (Conn. Gen. Stat. §§ 42-515 – 42-525) (the “Data Privacy Act”), with most of the changes taking effect starting in July 2026.

]]> https://www.mvalaw.com/data-points/president-trump-takes-aim-at-state-artificial-intelligence-regulation-with-limited-exceptions Tiffany E. Payne, Jules W. Carter data-points/president-trump-takes-aim-at-state-artificial-intelligence-regulation-with-limited-exceptions Thu, 18 Dec 2025 09:00:03 -0500 On December 11, 2025, the White House issued an Executive Order titled “Ensuring a National Policy Framework for Artificial Intelligence.”  This EO aims to establish a uniform and “minimally burdensome” Federal standard for AI regulation, including by directing the development of a federal legislative recommendation to preempt the current patchwork of varying state AI laws, except in a few discrete areas: “(i) child safety protections; (ii) AI compute and data center infrastructure, other than generally applicable permitting reforms; (iii) State government ...

]]> https://www.mvalaw.com/data-points/ransomware-reality-check-why-not-every-data-breach-creates-standing Karin M. McGinnis data-points/ransomware-reality-check-why-not-every-data-breach-creates-standing Mon, 24 Nov 2025 09:00:04 -0500 At MVA, we often help clients who are victims of cyber incidents where threat actors take data and threaten to release it unless they are paid. With ransomware attacks and data exfiltration common, companies face mounting pressure to assess litigation risk after a breach, and understanding the legal landscape is critical. Recent rulings from both federal and state courts underscore a key point: not every breach translates into standing for every affected individual.

]]> https://www.mvalaw.com/data-points/cfpb-enjoined-from-enforcing-personal-financial-data-rights-rule-1033 Anvi S. Yalavarthy, Todd C. Taylor data-points/cfpb-enjoined-from-enforcing-personal-financial-data-rights-rule-1033 Thu, 13 Nov 2025 09:00:05 -0500 On October 29th, the Eastern District of Kentucky (the “Court”) enjoined the CFPB from enforcing the Personal Financial Data Rights Rule (the “Rule”) until it has completed its reconsideration of the Rule.[1] The Rule had been released by the Consumer Protection Financial Bureau (“CFPB”) in October of 2024 pursuant to the CFPB’s authority under Section 1033 of the Dodd-Frank Act.[2] The Rule requires financial institutions to share consumers’ personal financial data with other providers at no cost upon the consumer’s request. The Court, having determined that challenges to the Rule were likely to succeed on the merits, has now enjoined the CFPB from enforcing the Rule, finding that requiring financial institutions to comply with the Rule while it is under reconsideration by the CFPB would cause irreparable harm.

]]> https://www.mvalaw.com/data-points/california-amends-data-breach-notification-requirements Clara G. Ilkka data-points/california-amends-data-breach-notification-requirements Tue, 11 Nov 2025 09:00:06 -0500 In October, California Governor Gavin Newson signed into law Senate Bill No. 446 (“SB 446”), amending the state’s data breach notification statute, California Civil Code Section 1798.82. SB 446 passed the California Senate and State Assembly unanimously. The law will go into effect on January 1, 2026, meaning that individuals or companies doing business in California will need to ensure their incident response plans are updated for the new year.

]]> https://www.mvalaw.com/data-points/colorados-ai-act-implementation-delayed Tandy B. Mathis data-points/colorados-ai-act-implementation-delayed Wed, 17 Sep 2025 09:00:07 -0400 In 2024, Colorado enacted the Colorado Artificial Intelligence Act, establishing the nation’s most comprehensive state-level frameworks for regulating high-risk AI systems. The law applies to AI used in consequential decision-making such as housing, employment, healthcare, education, and financial or lending services. The law was originally scheduled to take effect on February 1, 2026. However, recent legislative developments have altered that timeline and raised questions about the law’s future scope and implementation.

]]> https://www.mvalaw.com/data-points/getting-ready-for-marylands-online-data-privacy-act-a-new-trendsetter Karin M. McGinnis, Kimberly Short Kirk data-points/getting-ready-for-marylands-online-data-privacy-act-a-new-trendsetter Tue, 02 Sep 2025 09:00:08 -0400 We’re about one month away from the effective date of Maryland’s version of a state comprehensive privacy law--the Maryland Online Privacy Act (MODPA).

]]> https://www.mvalaw.com/data-points/cfpb-returns-to-rulemaking-on-personal-financial-data-rights-rule-1033 Todd C. Taylor, Clara G. Ilkka data-points/cfpb-returns-to-rulemaking-on-personal-financial-data-rights-rule-1033 Thu, 28 Aug 2025 09:00:09 -0400 On August 22nd, the Consumer Financial Protection Bureau (the “CFPB”) published an advanced notice of proposed rulemaking (an “ANPR”) relating to a reconsideration of the CFPB’s current Personal Financial Data Rights Rule (the “Current PFDR Rule”) that had been previously released in late 2024 pursuant to the authority of Section 1033 of the Dodd-Frank Act [1] . The Current PFDR Rule requires that data providers (i.e., banks and other financial institutions) make available to consumers and their authorized third parties (such as FinTech service providers) certain covered data in the data provider’s control or possession concerning a covered consumer financial account.

]]> https://www.mvalaw.com/data-points/a-red-state-model-for-comprehensive-ai-laws-texas-enacts-the-responsible-artificial-intelligence-governance-act Karin M. McGinnis, Jules W. Carter data-points/a-red-state-model-for-comprehensive-ai-laws-texas-enacts-the-responsible-artificial-intelligence-governance-act Thu, 03 Jul 2025 09:00:10 -0400 Effective January 1, 2026, the Texas Responsible Artificial Intelligence Governance Act (TX H.B. 149, 2025) takes a unique approach to AI regulation—pulling threads from the EU AI Act, Colorado's comprehensive AI statute, and national innovation policy, while weaving in Texas-specific priorities.

]]>