Enforcement of the Indiana Consumer Data Protection Act (CDPA) has begun, and its penalties can add up quickly. The CDPA was signed in 2023 and became effective January 1, 2026. The law governs how covered businesses collect, use, disclose, store, and analyze “personal data,” i.e., nonpublic information linked or reasonably linkable to an identified or identifiable “consumer” (under the CDPA, a “consumer” is an Indiana resident acting for an individual, family, or household purpose).
Legal filings tied to major consumer protection laws accelerated late in the year, with December closing higher across several key categories and annual totals showing steady growth. Recent data from WebRecon points to expanding litigation activity and a continued increase in consumer complaints impacting the accounts receivable management sector.
On February 3, several U.S. senators sent a letter to CFPB Acting Director Russell Vought urging the Bureau to rescind its proposed rule that would end the ECOA’s disparate impact test, which would prevent the CFPB from taking action against creditors that maintain lending policies that “have an unfair impact on historically discriminated-against groups.” The senators argued that contrary to claims made by Vought in a recent op-ed, the proposed rule would “open the floodgates for discrimination in all consumer lending, including mortgages, credit cards, and car loans.”
The National Credit Union Administration today announced the fifth round of proposed regulatory changes associated with NCUA’s Deregulation Project. The project is an ongoing review of NCUA’s regulations to ensure regulations are focused on credit unions’ safety, soundness, and resilience.
The Federal Trade Commission sent letters to 13 data brokers warning them of their responsibility to comply with the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (PADFAA).
.jpg)
.jpg)