Welcome to September's GrailMail! We’re back with essential updates, in-depth analysis, and actionable insights to help you stay ahead of the curve in the data privacy landscape.
This month’s newsletter is packed with product updates, industry news, and must-read resources to help your team stay ahead of evolving privacy challenges.
Privacy risks are changing—fast. From the rapid rise of generative AI to sweeping global regulations and shifting consumer expectations, today’s privacy, security and legal teams are facing a wave of new challenges that demand better process, tooling and planning.
The Privacy Risk Summit is your guide to navigating what’s next. This half-day virtual event brings together expert insights, peer-driven discussion, and actionable tactics to help you future-proof your privacy program.
Hear from leading privacy professionals Omer Tene from Goodwin, Shannon Yavorsky from Orrick, Dr. Gabriela Zanfir-Fortuna from Future of Privacy Forum, Andy Dale from OpenAP, and many more about AI’s impact on privacy risk, and real-world lessons.
Join us October 21 at 12pm ET / 9am PT for a half-day virtual event bringing together global privacy leaders to explore:
Heading to IAPP PSR in San Diego next month? So are we! Swing by DataGrail’s booth (#319) for complimentary craft coffee, swag you will want to take home, and the energy boost you need for a packed event. While you fuel up, connect with DataGrail’s privacy pros to talk through the latest regulations, explore ways to elevate your data privacy program, and discover how to reduce risk across your business.
⚖️ Court Ruling Backs U.S.–EU Data Transfer Framework
The European Court of Justice has upheld the validity of the latest transatlantic data transfer agreement, offering companies some long-awaited legal certainty. While challenges remain, this decision signals greater stability for cross-border data flows. Read more here.
🌐 Key California Privacy Bill Advances
The California legislature has cleared privacy legislation that would require universal opt-out signals to be recognized in browsers. If signed, the law could significantly strengthen consumer control and reshape how businesses handle online tracking. Read more here.
🏥 HIPAA Suit Over Online Data Sharing Tossed by Federal Judge
A federal judge dismissed a proposed class action claiming a health provider’s online tracking tools improperly shared patient data, ruling that HIPAA does not give individuals a private right to sue. The decision highlights ongoing tension between consumer expectations, health data protections, and legal remedies. Read more here.
Tracking Privacy Legislation, Regulations, and Actions
CPPA Finalizes Rules to Strengthen Consumer Privacy: Cybersecurity Audits, Risk Assessments, and ADMT
On September 23, 2025, the California Privacy Protection Agency (CPPA) finalized regulations on cybersecurity audits, risk assessments, and automated decisionmaking technology (ADMT), with phased deadlines starting January 1, 2026 and ADMT requirements by 2027. These rules mark the most comprehensive update to California’s privacy framework since the CCPA was enacted. Read more here.
California Attorney General Launches Multi-State Privacy Sweep on Opt-Out Violations
California Attorney General Rob Bonta, together with Colorado and Connecticut, has launched a multi-state investigation into businesses that fail to honor consumers’ requests to opt out of the sale of personal data via the Global Privacy Control (GPC). Read more here.
Colorado lawmakers delay the nation’s first statewide AI law to June 2026
The Colorado AI Act (CAIA), originally set to take effect February 1, 2026, has been delayed to June 30, 2026. The delay provides businesses, particularly HR departments using AI in hiring, additional time to prepare for the law’s stringent compliance requirements amid ongoing debates and federal pressures. Read more here.
Join us on October 7th at 10AM PT for an overview of the DataGrail platform and a quick, comprehensive demo of how privacy teams use AI-powered privacy automation to find where sensitive data lives, eliminate risks, and meet ever-evolving regulatory demands.
In this blog we unpack how privacy enforcement is expanding, highlight emerging risks for organizations of all sizes, and provide concrete steps to strengthen your privacy program.
Check out this 649-word AI prompt that makes GPT-5 act as a vendor privacy risk assessor—designed to cut assessment times from hours to minutes while surfacing risks that matter most.
Are you passionate about privacy, legal, or security issues? Want to connect with like-minded professionals and stay ahead in a rapidly evolving landscape?
We’ve got everything from privacy law updates to career tips, monthly privacy huddles, and exclusive resources tailored for the privacy community. Don’t miss out on the chance to be part of a vibrant network committed to advancing data privacy.
See you next time! 👋
Colleen