# Weekly Data Privacy and Security Update: January 19-27, 2026

## New AI Laws Take Effect in America

Several major artificial intelligence laws began on January 1, 2026, marking an important shift in how AI companies must behave. In California, the largest state, multiple new rules took effect to control different kinds of AI systems. One important law, called SB 53, requires large AI developers to publish reports about risks their systems might cause and tell the government about serious safety problems. This means companies like OpenAI and other major AI makers must be more transparent about potential dangers. Another law, AB 853, forces artificial intelligence systems that generate text and images to clearly explain how they work and what they are designed to do. These transparency requirements help regular people understand how AI is being used.

## Privacy Laws Spread Across Multiple States

California is not alone in protecting people's data. New comprehensive privacy laws went into effect on January 1 in Indiana, Kentucky, and Rhode Island. Oregon also updated its existing privacy law. These laws give people more control over their personal information and let them know when companies collect their data. Companies must now follow stricter rules about how they collect, use, and share information about individuals.

## Updated California Rules Focus on AI Decision-Making

California's updated privacy rules took effect on January 1, 2026, adding specific requirements for automated decision-making technology, which is a fancy term for computer systems that make important choices about people. The new rules require companies to conduct annual cybersecurity audits to check for weak spots in their security systems, perform data privacy risk assessments to identify potential problems, and provide notice before using automated decision systems on customers. These requirements have different start dates depending on whether a company is small or large. The California Privacy Protection Agency will focus on enforcing these rules in 2026, especially against companies that break the law.

## Reasoning AI Transforms Physical Security and Data Protection

One of the most exciting developments for data security is the rise of reasoning artificial intelligence, a new type of AI technology that understands not just what it sees, but why things are happening. Unlike older security cameras that simply detect objects, reasoning AI vision-language models can understand behaviors, context, and intent. This breakthrough could change how companies protect data centers and important facilities. AI data centers are getting enormous investments—OpenAI alone committed $1.4 trillion to build data center infrastructure, and Anthropic announced $50 billion in investment. These massive facilities need constant security monitoring, which human security officers cannot do alone. Reasoning AI provides human-governed agentic security, meaning AI agents work under human supervision to spot unusual activities and alert security teams. This represents a shift from reactive security (responding after something bad happens) to preventive security (stopping problems before they occur).

## Data Privacy Day Emphasizes AI Risks

Data Privacy Day on January 28 reminds the world that protecting personal information matters more than ever. The theme focuses on data protection through AI because artificial intelligence and automated systems now require access to massive amounts of personal data. According to security researchers, 82% of consumers stopped buying from companies they didn't trust with their data. The problem is that most people don't understand how their information is actually used. Companies collect data through APIs, bots, and automated partners, but people rarely know this is happening. The celebration encourages companies to build data protection into their systems from the start rather than adding it later, and to be clearer and more honest about what they do with customer information.

## AI-Driven Threats Expected to Increase

As AI technology becomes more powerful, cybercriminals are using AI to launch attacks too. AI-driven ransomware—malicious software powered by artificial intelligence—is expected to become a major threat in 2026. These attacks can be smarter and faster than traditional hacking methods. To protect themselves, companies must invest in employee training, enhance oversight of third-party vendors, and use privacy-protecting technologies like quantum-resistant encryption. Regulators expect companies to demonstrate they have strong, proactive cybersecurity measures in place.

## What Comes Next

Enforcement of these new privacy and AI laws is expected to increase significantly in 2026. Multiple state attorneys general are working together to investigate companies that break privacy rules, especially those not respecting consumer opt-out signals. As AI agents and automated systems become more common in business, the balance between innovation and protection will remain a top priority for lawmakers, companies, and security experts worldwide.