- within Compliance topic(s)
The Consortium of Privacy Regulators is growing. Meanwhile, CalPrivacy has announced a new program, a data broker "strike force."
Minnesota and New Hampshire have joined with Colorado, Connecticut, Delaware, Indiana, New Jersey, Oregon, and the California Privacy regulatory body (CalPrivacy) to coordinate on their enforcement of "comprehensive" privacy laws. The consortium was created earlier this year, with the stated goal of coordinating privacy law enforcement efforts. Since the consortium was created, California, Colorado and Connecticut joined together in September to investigate companies' alleged failure to honor sale opt-out requests and honor GPC signals.
Meanwhile, CalPrivacy announced that it will increase its oversight of data brokers. It has created a special team called the Data Broker Enforcement Strike Force. This team will ensure that companies are following rules about protecting consumer privacy and registering as data brokers. The strike force will have more resources to investigate violations. The strike force creation follows recent actions brought by the agency under California's Delete Act.
Putting it into Practice: The state-level actions are a reminder to those operating in the US. As we enter into 2026, expect more state level coordination and enforcement. This is a good time to assess if your privacy program takes an adaptive and principles-based approach. Do your training efforts go beyond memorization? Do you reward "small wins" and otherwise take an organizational change lens to your compliance efforts?
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
