On February 25, 2026, the U.S. Office of the Comptroller of the Currency (OCC) issued a Notice of Proposed Rulemaking (NPRM) that would establish a federal framework for issuance and administration of payment stablecoins by permitted payment stablecoin issuers (PPSIs). The NPRM would implement the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act) by, among other things, establishing approval requirements, permissible and prohibited activities, reserve standards, redemption obligations, capital and operational safeguards, and reporting expectations for permitted payment stablecoin issuers. PPSIs also would be integrated into the OCC’s broader prudential framework, including its capital, assessment, and enforcement authorities.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/01/MN-24013-Data-Matters-Blog-Imagery-Refresh_A_9.jpg606833Michael D. Lewishttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngMichael D. Lewis2026-03-06 15:36:122026-03-06 15:36:12U.S. Office of the Comptroller of the Currency Proposes Comprehensive Supervisory Framework for Payment Stablecoins Under GENIUS Act
State attorneys general increasingly are asserting authority in an area once viewed as the exclusive province of federal national security regulators — scrutinizing who can access sensitive personal data of U.S. persons, where that data flows, and whether foreign governments have legal rights or practical means to control or obtain the data. Recent actions by Florida, Texas, and Arizona Attorneys General illustrate a clear and accelerating trend — national security concerns are no longer abstract policy considerations in the data privacy space; they are becoming a basis for hands-on investigative and enforcement activity at the state level, increasingly aligned with parallel developments at the federal level.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00David Lashwayhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngDavid Lashway2026-03-05 09:47:542026-03-05 09:48:35From Tallahassee to Phoenix: States Move to Enforce National Security Limits on Access to Americans’ Sensitive Personal Data
In February 2026, two federal courts drew national attention by addressing generative AI in the privilege context. At first glance, the decisions appear incongruent: one denied privilege where AI was used; the other upheld work product protection in a similar context. Yet neither decision announced a shift in privilege law. Each applied existing principles to new factual settings. The practical implications are straightforward: understand the confidentiality terms governing AI platforms, ensure appropriate attorney involvement where privilege is sought, and maintain disciplined policies around AI-assisted legal analysis.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/02/MN-24013-Data-Matters-Blog-Imagery-Refresh_B_7.jpg606833David A. Gordonhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngDavid A. Gordon2026-03-03 09:04:202026-03-02 17:39:03Generative AI and Privilege: Practical Lessons from Two Early Decisions and What Comes Next
Last week, the House Energy and Commerce Committee voted to send the Right to Equitable and Professional Auto Industry Repair (REPAIR) Act to the full U.S. House of Representatives for consideration. This legislation, if enacted, would give car owners access to their vehicle-generated data and repair data and tools from vehicle manufacturers. It would also grant owners certain rights over the use of that data, including the right to delete it, and would prevent recipients of vehicle-generated data from selling, transferring, or licensing that data absent certain exceptions. As indicated by its name, the REPAIR Act is reflective of the so-called “right to repair” movement to allow consumers and independent repair shops access to the same data for repair and maintenance that manufacturers make available to themselves or franchised dealers. It also has important implications for data privacy in modern vehicles, which generate increasingly large volumes of information.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Adam M. Ravivhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngAdam M. Raviv2026-03-02 10:32:252026-03-02 18:15:22Congress Considers Right to Repair Bill for Vehicle Owners
On January 31, 2026, the governments of Japan and the United Kingdom announced they were strengthening their cybersecurity collaboration through a bilateral Strategic Cyber Partnership (Partnership).
https://datamatters.sidley.com/wp-content/uploads/sites/2/2026/02/AdobeStock_272314124-1.jpg244600John Woodshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngJohn Woods2026-02-27 10:54:382026-02-27 10:54:38Geopolitics and Cybersecurity: Japan and the UK Announce Strategic Cyber Partnership Among Growing Global Focus on Privacy and Cyber Risks Posed by Foreign Actors
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Francesca Blythehttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngFrancesca Blythe2026-02-19 14:48:412026-02-19 14:48:41UK Data Privacy and Cybersecurity Outlook for 2026: What Financial Services Firms Need To Know
Recent developments in children’s privacy and online safety regulation reflect a global shift away from notice-and-consent frameworks toward access restrictions, design mandates, categorical advertising prohibitions, and ecosystem-level age-assurance mechanisms. Using Australia’s under-16 social media ban as a case study, this article examines four converging regulatory trends emerging across the United States, Europe, and the United Kingdom. These developments increasingly affect product design, advertising, and data governance decisions for companies operating consumer-facing digital services.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2025/05/MN-24013-Data-Matters-Blog-Imagery-Refresh_A-19.jpg606833Michael C. Hochmanhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngMichael C. Hochman2026-02-13 10:25:202026-02-13 10:25:20Children’s Privacy in 2026: From Australia’s Under-16 Social Media Ban to a Shift Beyond Notice-and-Consent in the United States
Concerns about the impact of social media on children and adolescents have grown among U.S. lawmakers, parents, and public health officials. While federal oversight remains largely limited to narrow data privacy protections for minors, states have moved to fill the gap with a wave of laws governing minors’ access to and use of social media platforms. Companies should closely track these developments to anticipate new obligations and adapt their policies and procedures on a jurisdiction-by-jurisdiction basis. Read the full article to learn more about emerging state laws, enforcement trends, and practical steps companies can take to prepare.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Randi Singerhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngRandi Singer2026-02-12 13:01:572026-02-17 15:03:55Reviewing The Legal Landscape Of Social Media For Minors
U.S. Office of the Comptroller of the Currency Proposes Comprehensive Supervisory Framework for Payment Stablecoins Under GENIUS Act
On February 25, 2026, the U.S. Office of the Comptroller of the Currency (OCC) issued a Notice of Proposed Rulemaking (NPRM) that would establish a federal framework for issuance and administration of payment stablecoins by permitted payment stablecoin issuers (PPSIs). The NPRM would implement the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act) by, among other things, establishing approval requirements, permissible and prohibited activities, reserve standards, redemption obligations, capital and operational safeguards, and reporting expectations for permitted payment stablecoin issuers. PPSIs also would be integrated into the OCC’s broader prudential framework, including its capital, assessment, and enforcement authorities.
(more…)
Michael D. Lewis
Washington, D.C.
michael.lewis@sidley.com
David E. Teitelbaum
Washington, D.C.
dteitelbaum@sidley.com
Kristin S. Teager
Washington, D.C.
kteager@sidley.com
Jess Cheng
New York
jcheng@sidley.com
Stanley J. Boris
Washington, D.C.
sboris@sidley.com
Matthew S. Katz
Washington, D.C.
matthew.katz@sidley.com
Nathan Truong
Washington, D.C.
nathan.truong@sidley.com
From Tallahassee to Phoenix: States Move to Enforce National Security Limits on Access to Americans’ Sensitive Personal Data
State attorneys general increasingly are asserting authority in an area once viewed as the exclusive province of federal national security regulators — scrutinizing who can access sensitive personal data of U.S. persons, where that data flows, and whether foreign governments have legal rights or practical means to control or obtain the data. Recent actions by Florida, Texas, and Arizona Attorneys General illustrate a clear and accelerating trend — national security concerns are no longer abstract policy considerations in the data privacy space; they are becoming a basis for hands-on investigative and enforcement activity at the state level, increasingly aligned with parallel developments at the federal level.
(more…)
David Lashway
Washington D.C.
dlashway@sidley.com
John Woods
Washington, D.C.
jwoods@sidley.com
Michael C. Hochman
Washington, D.C.
michael.hochman@sidley.com
Jennifer B. Seale
Washington, D.C.
jseale@sidley.com
Lauren Kitces
Washington, D.C.
lkitces@sidley.com
Cole R. Rianda
Washington, D.C.
crianda@sidley.com
Generative AI and Privilege: Practical Lessons from Two Early Decisions and What Comes Next
In February 2026, two federal courts drew national attention by addressing generative AI in the privilege context. At first glance, the decisions appear incongruent: one denied privilege where AI was used; the other upheld work product protection in a similar context. Yet neither decision announced a shift in privilege law. Each applied existing principles to new factual settings. The practical implications are straightforward: understand the confidentiality terms governing AI platforms, ensure appropriate attorney involvement where privilege is sought, and maintain disciplined policies around AI-assisted legal analysis.
(more…)
David A. Gordon
Chicago
dgordon@sidley.com
Takayuki Ono
Chicago, Tokyo
tono@sidley.com
Matt S. Jackson
Chicago
matthew.jackson@sidley.com
William J. Lawrence
Chicago
bill.lawrence@sidley.com
Kseniya K. Belysheva
Los Angeles
kbelysheva@sidley.com
Congress Considers Right to Repair Bill for Vehicle Owners
Last week, the House Energy and Commerce Committee voted to send the Right to Equitable and Professional Auto Industry Repair (REPAIR) Act to the full U.S. House of Representatives for consideration. This legislation, if enacted, would give car owners access to their vehicle-generated data and repair data and tools from vehicle manufacturers. It would also grant owners certain rights over the use of that data, including the right to delete it, and would prevent recipients of vehicle-generated data from selling, transferring, or licensing that data absent certain exceptions. As indicated by its name, the REPAIR Act is reflective of the so-called “right to repair” movement to allow consumers and independent repair shops access to the same data for repair and maintenance that manufacturers make available to themselves or franchised dealers. It also has important implications for data privacy in modern vehicles, which generate increasingly large volumes of information.
(more…)
Adam M. Raviv
Washington, D.C.
adam.raviv@sidley.com
Garrett Lance
Washington, D.C.
glance@sidley.com
Geopolitics and Cybersecurity: Japan and the UK Announce Strategic Cyber Partnership Among Growing Global Focus on Privacy and Cyber Risks Posed by Foreign Actors
On January 31, 2026, the governments of Japan and the United Kingdom announced they were strengthening their cybersecurity collaboration through a bilateral Strategic Cyber Partnership (Partnership).
(more…)
John Woods
Washington, D.C.
jwoods@sidley.com
Cole R. Rianda
Washington, D.C.
crianda@sidley.com
UK Data Privacy and Cybersecurity Outlook for 2026: What Financial Services Firms Need To Know
Last year saw many developments across the international data privacy and cybersecurity landscape, and this momentum shows no sign of slowing.
(more…)
Francesca Blythe
London
fblythe@sidley.com
William RM Long
London
wlong@sidley.com
Matthias Bruynseraede
London
mbruynseraede@sidley.com
Children’s Privacy in 2026: From Australia’s Under-16 Social Media Ban to a Shift Beyond Notice-and-Consent in the United States
Recent developments in children’s privacy and online safety regulation reflect a global shift away from notice-and-consent frameworks toward access restrictions, design mandates, categorical advertising prohibitions, and ecosystem-level age-assurance mechanisms. Using Australia’s under-16 social media ban as a case study, this article examines four converging regulatory trends emerging across the United States, Europe, and the United Kingdom. These developments increasingly affect product design, advertising, and data governance decisions for companies operating consumer-facing digital services.
(more…)
Michael C. Hochman
Washington, D.C.
michael.hochman@sidley.com
Colleen T. Brown
Washington, D.C.
ctbrown@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Ben Cross
Chicago
bcross@sidley.com
Reviewing The Legal Landscape Of Social Media For Minors
(more…)
Randi Singer
New York, Palo Alto
randi.singer@sidley.com
Katie Clemmons
New York
katie.clemmons@sidley.com
Upcoming Events
Resources