Collections news at your fingertips

Today’s podcast features the second part of a repurposed webinar produced on September 3, 2025, which dives into the legal risks, compliance challenges, and emerging constitutional questions stemming from the GENIUS Act. The conversation examines the strict prohibition of deceptive claims regarding federal backing or insurance for stablecoins, highlighting the significant civil liabilities and penalty provisions attached to violations.

On October 21, 2025, the New York Department of Financial Services (the “DFS”) issued important guidance for covered entities (including all DFS licensees) for managing their cybersecurity risk related to third-party service providers (“TPSPs”). Industry Letter – October 21, 2025: Guidance on Managing Risks Related to Third-Party Service Providers | Department of Financial Services specifically includes the covered entity’s use of cloud, file transfer, AI and fintech providers (“Guidance”). According to the DFS, the “Guidance does not impose new requirements or obligations . . ..”

While October 1, 2025—the effective date of Maryland’s Online Data Privacy Act (“MODPA” or the ​“Act”)—has come and gone, businesses still have some time to ensure their practices are compliant.  By its own terms, MODPA does not apply to ​“any personal data processing activities before April 1, 2026,” (though it requires data protection assessments for certain processing activities that occur on or after October 1, 2025) and requires the Maryland Attorney General to consider whether to provide a 60-day cure period for alleged violations until April 1, 2027.  With these buffers in mind, we highlight some of the particularly challenging features of MODPA and practical ways that businesses can address them.

As long as you are prepared, there is no need to fear complying with new privacy regulations going into effect in 2026 and beyond. The Halloween 2025 edition of Hinshaw’s Privacy, Cyber and AI Decoded covers the newly-approved California Consumer Privacy Act (CCPA) and revised Colorado privacy regulations. Since these regulatory changes will impact most businesses, we cover key takeaways and compliance planning steps for each of these laws below.

Long-awaited revisions to the California Consumer Privacy Act (CCPA) Regulations were recently approved by the California Office of Administrative Law (OAL) on September 22, 2025. These revisions come after a year-long process of debate and public comment and will take effect on January 1, 2026 (with some provisions delayed until 2027).