From all of us at VanRein Compliance, thank you for trusting us with your compliance journey in 2025! It’s a privilege to support your team, protect your data, and be part of the important work you do every day.

We hope today is a true pause: time with the people who matter most, fewer alerts, and a little extra room to breathe before the new year begins.

⏰ A Quick Holiday Hours Reminder

As a quick reminder of our holiday schedule:

• VRC is closed from December 23 to January 2.

• We’ll resume normal operations on Monday, January 5.

• Any standing calls or cadence meetings that fall in this window will be canceled or rescheduled. Your VRC team will follow up with new times as needed.

If something urgent comes up while we’re away, you can still reach us:

• VRC1 chat or email: [email protected]

• Training questions/requests: [email protected]

From our team to yours: Merry Christmas, and thank you for your continued partnership!

Check out VRC’s Christmas Merch Collection now!

New State Privacy Laws on the Horizon for 2026

As we wrap up 2025, it’s a good moment between celebrations to glance at what’s coming next. Several U.S. states have new or updated privacy laws taking effect in 2026 that may impact how you handle consumer and patient data, especially if you operate across multiple states.

New Laws Taking Effect in 2026

• Kentucky – Kentucky Consumer Data Protection Act
  Becomes effective January 1, 2026, setting out new rights for Kentucky consumers and obligations for organizations processing their data.

• Indiana – Indiana Consumer Data Protection Act (ICDPA)
  Also effective January 1, 2026, with requirements around transparency, data subject rights, and governance for covered entities.

• Rhode Island – Data Transparency and Privacy Protection Act
  Effective January 1, 2026, focused on transparency, data practices, and giving Rhode Island residents more control over their personal information.

Amendments & Changes to Watch in 2026

• Connecticut – Expanded “Sensitive Data”
  Under the Connecticut Data Privacy Act, amendments are slated for July 1, 2026, adding new categories like neural data to “sensitive data” definitions.

• Oregon – Privacy Law Updates
  Oregon will introduce new restrictions in 2026, including limits on selling precise geolocation data and tighter rules around targeted advertising to minors.

• Virginia – VCDPA Changes (Reported)
  Some trackers list new age-related obligations for social media platforms starting in 2026 under the VCDPA; organizations should confirm final regulatory text and guidance.

• California – Breach Notification Tightening
  California has recently amended its breach notification law to shorten timelines (e.g., 30-day notice); 2026 will be an important year to watch how enforcement and implementation unfold.

Even on Christmas, you don’t need to dive deep but it helps to know what’s coming. As you plan 2026 roadmaps, it may be worth flagging these states for updates to your privacy policies, consent flows, vendor contracts, and incident response plans.

Book a Discovery Call to get ahead of 2026’s state privacy changes and map out what Kentucky, Indiana, Rhode Island, and the other updates mean for your program. If you’re already working with us, reach out anytime so we can fold these new requirements into your 2026 roadmap early.