Privacy-related regulatory penalties imposed by U.S. states on companies reached $3.45 billion last year, which is higher than the combined fines between 2020 and 2024, reports CyberScoop.Such a surge has been attributed to more stringent privacy laws, bolstered interstate law enforcement, and an increased focus on the ramifications of AI and automation on privacy, according to a Gartner report. Gartner analyst Nader Heinen said that regulators initially prioritized guidance over penalties. In 2025, enforcement became much stricter across many industries, and some companies were unprepared because they assumed early leniency would continue during the early rollout phase."Unfortunately what happens when so much time passes between the legislation and starting enforcement regularly, is a lot of organizations let their privacy program atrophy," Heinen said. California Privacy Protection Agency Executive Director Tom Kemp warned that preemption would weaken existing protections, eliminate state-level laws, and represent a step backward amid growing AI-related concerns.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds