Last week, the Seventh Circuit issued a critical opinion for companies facing lawsuits under the Illinois Biometric Information Privacy Act (“BIPA”). In Clay v. Union Pacific Railroad Co., No. 25-2185, 2026 WL 891902 (7th Cir. Apr. 1, 2026), the court held that a 2024 amendment to BIPA that limited damages to one recovery per person and not “per-scan” (each time a biometric identifier is collected) applies retroactively to cases pending at the time the amendment was enacted.
As courts have begun addressing generative AI in the privilege and work product context, they are also confronting related disputes in the context of protective orders. Recent decisions Morgan v. V2X, Inc. and Jeffries v. Harcros Chemicals, Inc. show that disagreements about how protective orders should address the use of AI in discovery — issues previously handled through negotiation — now will be informed by guidance from the courts.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/01/MN-24013-Data-Matters-Blog-Imagery-Refresh_B_10.jpg606833David A. Gordonhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngDavid A. Gordon2026-04-06 15:37:192026-04-06 15:37:19Generative AI in Discovery: Protective Orders as an Emerging Point of Dispute
In Bradley v. DentalPlans.com, 2026 WL 788856 (D. Md. Mar. 20, 2026), a federal district court in Maryland held that the Telephone Consumer Protection Act (TCPA or Act) does not require written consent before a person can receive automated or prerecorded telemarketing calls. The decision adds to a growing list of post-Loper Bright cases rejecting a rule by the Federal Communications Commission (FCC or Commission) requiring written (rather than verbal) consent.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Ian M. Rosshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngIan M. Ross2026-03-27 14:54:122026-03-30 17:18:35Maryland District Court Relies on Loper Bright to Hold Written Consent for Telemarketing Calls Not Required
For many years, the privacy community took the position that the state of California was the leading data privacy regulator. The state of New York, with its active cyber enforcement by the New York Department of Financial Services, was a close second. However, in the past two years, Texas has emerged not only as a significant privacy regulator but also as an aggressive enforcer of its laws.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/05/MN-24013-Data-Matters-Blog-Imagery-Refresh_A-19.jpg606833Garrett Lancehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngGarrett Lance2026-03-26 09:42:132026-03-26 09:42:13There’s a New Sheriff in Town — Texas as Privacy Regulator
On March 20, 2026, the U.S. Court of Appeals for the Fifth Circuit granted Intuit’s petition for review and vacated a cease-and-desist order from the U.S. Federal Trade Commission (FTC or Commission) related to Intuit’s marketing of TurboTax because “[f]ollowing the Supreme Court’s decision in SEC v. Jarkesy … the adjudication of a deceptive advertising claim before an administrative law judge [ALJ] violated the constitutional separation of powers.”1
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00David R. Carpenterhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngDavid R. Carpenter2026-03-25 09:04:082026-03-26 12:38:44Fifth Circuit Holds U.S. FTC’s In-House Adjudication of Deceptive Advertising Claim Unconstitutional Under Jarkesy
On March 17, 2026, the U.S. SEC issued a commission-level interpretive release, “Application of the Federal Securities Laws to Certain Types of Crypto Assets and Certain Transactions Involving Crypto Assets” (the Interpretation.)1 The Interpretation is the SEC’s most comprehensive statement to date on the application of the Securities Act of 1933 and the Securities Exchange Act of 1934 (together, the Securities Laws) to crypto assets and provides market participants with meaningful certainty.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/05/MN-24013-Data-Matters-Blog-Imagery-Refresh_B_4.jpg606833Lilya Tesslerhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngLilya Tessler2026-03-24 13:28:462026-03-24 13:28:46SEC Releases Landmark Interpretation on Application of U.S. Securities Laws to Crypto Assets, in Coordination With CFTC
The New Cyber Doctrine of the United States: The Trump Administration Issues Cyber Strategy and Executive Order Targeting Cybercrime
On March 6, 2026, the Trump Administration released President Trump’s Cyber Strategy for America, and an Executive Order targeting cyber-enabled crime, fraud, and predatory schemes. Together these documents do more than merely outline the Administration’s response to cyber threats; they articulate a new cyber doctrine centered on imposing costs on adversaries and mobilizing both government and private-sector capabilities at scale.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00David Lashwayhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngDavid Lashway2026-03-10 18:48:502026-03-10 20:31:08The New Cyber Doctrine of the United States: The Trump Administration Issues Cyber Strategy and Executive Order Targeting Cybercrime
On February 25, 2026, the U.S. Office of the Comptroller of the Currency (OCC) issued a Notice of Proposed Rulemaking (NPRM) that would establish a federal framework for issuance and administration of payment stablecoins by permitted payment stablecoin issuers (PPSIs). The NPRM would implement the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act) by, among other things, establishing approval requirements, permissible and prohibited activities, reserve standards, redemption obligations, capital and operational safeguards, and reporting expectations for permitted payment stablecoin issuers. PPSIs also would be integrated into the OCC’s broader prudential framework, including its capital, assessment, and enforcement authorities.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/01/MN-24013-Data-Matters-Blog-Imagery-Refresh_A_9.jpg606833Michael D. Lewishttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngMichael D. Lewis2026-03-06 15:36:122026-03-06 15:36:12U.S. Office of the Comptroller of the Currency Proposes Comprehensive Supervisory Framework for Payment Stablecoins Under GENIUS Act
Seventh Circuit Limits Potential Damages Under BIPA, Holds 2024 Amendment Applies Retroactively
Last week, the Seventh Circuit issued a critical opinion for companies facing lawsuits under the Illinois Biometric Information Privacy Act (“BIPA”). In Clay v. Union Pacific Railroad Co., No. 25-2185, 2026 WL 891902 (7th Cir. Apr. 1, 2026), the court held that a 2024 amendment to BIPA that limited damages to one recovery per person and not “per-scan” (each time a biometric identifier is collected) applies retroactively to cases pending at the time the amendment was enacted.
(more…)
Kathleen Carlson
Chicago
kathleen.carlson@sidley.com
Lawrence P. Fogel
Chicago
lawrence.fogel@sidley.com
Andrew F. Rodheim
Chicago
arodheim@sidley.com
W. Stuart Whitney
Chicago
wstuart.whitney@sidley.com
Generative AI in Discovery: Protective Orders as an Emerging Point of Dispute
As courts have begun addressing generative AI in the privilege and work product context, they are also confronting related disputes in the context of protective orders. Recent decisions Morgan v. V2X, Inc. and Jeffries v. Harcros Chemicals, Inc. show that disagreements about how protective orders should address the use of AI in discovery — issues previously handled through negotiation — now will be informed by guidance from the courts.
(more…)
David A. Gordon
Chicago
dgordon@sidley.com
Takayuki Ono
Chicago, Tokyo
tono@sidley.com
Matt S. Jackson
Chicago
matthew.jackson@sidley.com
Daniel Lim
Washington, D.C.
daniel.lim@sidley.com
Stephen Beemsterboer
Chicago
sbeemsterboer@sidley.com
Kseniya K. Belysheva
Los Angeles
kbelysheva@sidley.com
Maryland District Court Relies on Loper Bright to Hold Written Consent for Telemarketing Calls Not Required
In Bradley v. DentalPlans.com, 2026 WL 788856 (D. Md. Mar. 20, 2026), a federal district court in Maryland held that the Telephone Consumer Protection Act (TCPA or Act) does not require written consent before a person can receive automated or prerecorded telemarketing calls. The decision adds to a growing list of post-Loper Bright cases rejecting a rule by the Federal Communications Commission (FCC or Commission) requiring written (rather than verbal) consent.
(more…)
Ian M. Ross
Miami
iross@sidley.com
Jacquelyn E. Fradette
Washington, D.C.
jfradette@sidley.com
Peter Bruland
Washington, D.C.
pbruland@sidley.com
Michael Loedel
Washington, D.C.
michael.loedel@sidley.com
There’s a New Sheriff in Town — Texas as Privacy Regulator
For many years, the privacy community took the position that the state of California was the leading data privacy regulator. The state of New York, with its active cyber enforcement by the New York Department of Financial Services, was a close second. However, in the past two years, Texas has emerged not only as a significant privacy regulator but also as an aggressive enforcer of its laws.
(more…)
Garrett Lance
Washington, D.C.
glance@sidley.com
Fifth Circuit Holds U.S. FTC’s In-House Adjudication of Deceptive Advertising Claim Unconstitutional Under Jarkesy
On March 20, 2026, the U.S. Court of Appeals for the Fifth Circuit granted Intuit’s petition for review and vacated a cease-and-desist order from the U.S. Federal Trade Commission (FTC or Commission) related to Intuit’s marketing of TurboTax because “[f]ollowing the Supreme Court’s decision in SEC v. Jarkesy … the adjudication of a deceptive advertising claim before an administrative law judge [ALJ] violated the constitutional separation of powers.”1
(more…)
David R. Carpenter
Los Angeles
drcarpenter@sidley.com
Gordon D. Todd
Washington, D.C.
gtodd@sidley.com
Kenneth G. Coffin
Dallas
kenneth.coffin@sidley.com
SEC Releases Landmark Interpretation on Application of U.S. Securities Laws to Crypto Assets, in Coordination With CFTC
On March 17, 2026, the U.S. SEC issued a commission-level interpretive release, “Application of the Federal Securities Laws to Certain Types of Crypto Assets and Certain Transactions Involving Crypto Assets” (the Interpretation.)1 The Interpretation is the SEC’s most comprehensive statement to date on the application of the Securities Act of 1933 and the Securities Exchange Act of 1934 (together, the Securities Laws) to crypto assets and provides market participants with meaningful certainty.
(more…)
Lilya Tessler
Dallas, Miami
ltessler@sidley.com
Sonia Gupta Barros
Washington, D.C.
sbarros@sidley.com
Andrew P. Blake
Washington, D.C.
ablake@sidley.com
Cliff Cone
New York
cliff.cone@sidley.com
Kate Lashley
Miami, New York
klashley@sidley.com
Peter Malyshev
Washington, D.C.
peter.malyshev@sidley.com
Andrew J. Sioson
Washington, D.C.
asioson@sidley.com
Charles A. Sommers
Washington, D.C.
csommers@sidley.com
The New Cyber Doctrine of the United States: The Trump Administration Issues Cyber Strategy and Executive Order Targeting Cybercrime
The New Cyber Doctrine of the United States: The Trump Administration Issues Cyber Strategy and Executive Order Targeting Cybercrime
On March 6, 2026, the Trump Administration released President Trump’s Cyber Strategy for America, and an Executive Order targeting cyber-enabled crime, fraud, and predatory schemes. Together these documents do more than merely outline the Administration’s response to cyber threats; they articulate a new cyber doctrine centered on imposing costs on adversaries and mobilizing both government and private-sector capabilities at scale.
(more…)
David Lashway
Washington D.C.
dlashway@sidley.com
John Woods
Washington, D.C.
jwoods@sidley.com
Jennifer B. Seale
Washington, D.C.
jseale@sidley.com
Cole R. Rianda
Washington, D.C.
crianda@sidley.com
Philip Robbins
Washington, D.C.
probbins@sidley.com
U.S. Office of the Comptroller of the Currency Proposes Comprehensive Supervisory Framework for Payment Stablecoins Under GENIUS Act
On February 25, 2026, the U.S. Office of the Comptroller of the Currency (OCC) issued a Notice of Proposed Rulemaking (NPRM) that would establish a federal framework for issuance and administration of payment stablecoins by permitted payment stablecoin issuers (PPSIs). The NPRM would implement the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act) by, among other things, establishing approval requirements, permissible and prohibited activities, reserve standards, redemption obligations, capital and operational safeguards, and reporting expectations for permitted payment stablecoin issuers. PPSIs also would be integrated into the OCC’s broader prudential framework, including its capital, assessment, and enforcement authorities.
(more…)
Michael D. Lewis
Washington, D.C.
michael.lewis@sidley.com
David E. Teitelbaum
Washington, D.C.
dteitelbaum@sidley.com
Kristin S. Teager
Washington, D.C.
kteager@sidley.com
Jess Cheng
New York
jcheng@sidley.com
Stanley J. Boris
Washington, D.C.
sboris@sidley.com
Matthew S. Katz
Washington, D.C.
matthew.katz@sidley.com
Nathan Truong
Washington, D.C.
nathan.truong@sidley.com
Upcoming Events
AI and Patent Law: Navigating a Changing Landscape
Resources