2025 – 2026 State Law Surge Reshapes Compliance Landscape

As 2026 unfolded, one trend became impossible to ignore: state legislatures are no longer waiting on federal direction. Instead, they are actively redefining the rules governing data privacy, consumer protection, and debt collection practices across the country.

More than 800 privacy-related bills were introduced nationwide during the year, signaling a decisive shift toward state-led regulation. For agencies operating across multiple jurisdictions, this has created a fragmented and fast-moving compliance environment that requires constant attention.

Pam Kirchner, CEO of BCA Financial Services, captured this shift clearly:

“With the regulatory environment changing every month, the ACA State Guide Cohort has become essential for our team. It keeps us accurate, compliant, and informed with less effort.”

Data Privacy Laws Expand State-by-State

One of the defining regulatory themes of 2026 has been the rapid expansion of state-level data privacy laws. These laws are not just conceptual; they are also actively changing how agencies collect, classify, and use consumer information in day-to-day operations.

Key developments include:

Connecticut (SB 1295)

Connecticut enacted one of the most impactful privacy updates of the year by narrowing the scope of the GLBA exemption. Instead of broadly excluding financial data, the exemption now applies only to data directly regulated under GLBA. This change brings a wider range of ARM-related data, particularly operational and derived datasets, under state privacy requirements.

The law also expands what qualifies as “sensitive data,” including financial, biometric, and health-related information, while strengthening consumer rights around access, correction, and deletion. For agencies, this means reassessing data inventories, tightening internal controls, and ensuring compliance programs account for data that may have previously fallen outside regulatory scope.

Medical Debt and Collection Rules Tighten

Beyond privacy, states also took significant steps in 2025 to regulate debt collection practices, especially around medical debt. These laws reflect a broader effort to limit interest, reduce credit reporting consequences, and restrict the use of aggressive legal remedies.

Key developments include:

Virginia (HB 1725 – Medical Debt Protection Act)

Virginia’s Medical Debt Protection Act creates one of the more comprehensive state frameworks for medical debt. The law caps annual interest at 3%, requires a 90-day grace period after the final invoice before interest or late fees may accrue, and limits certain extraordinary collection actions.

For agencies and healthcare providers, the law creates new timing, disclosure, and account treatment considerations before medical accounts can move through the collection process.

Rhode Island (S 0169 & S 0172)

Rhode Island adopted a pair of medical debt laws aimed at reducing the long-term financial consequences of unpaid medical bills. The laws restrict credit reporting, prohibit wage garnishment for medical debt judgments, and prevent liens on a consumer’s primary residence.

These changes significantly narrow the legal tools available for medical debt recovery and require agencies to distinguish medical accounts from other debt types with greater precision.

Maryland (HB 1020 and related bills)

Maryland advanced a broader medical debt reform package focused on credit reporting, litigation, liens, and interest. The legislation bans reporting medical debt to credit bureaus and places tighter limits on how medical accounts may be pursued through legal channels.

This creates operational obligations not only for collection agencies, but also for healthcare providers, debt buyers, and consumer reporting agencies that touch medical debt workflows.

Maine (SP 237)

Maine’s SP 237 directly prohibits medical debt from appearing on consumer credit reports. It also restricts medical creditors, debt collectors, and debt buyers from furnishing medical debt information to consumer reporting agencies.

For the ARM industry, this reinforces a growing state-level trend: medical debt is being treated differently from other consumer obligations, especially when it comes to credit reporting and post-judgment remedies.

Together, these laws show how quickly medical debt policy is shifting at the state level. Agencies can no longer rely on uniform treatment of medical accounts across jurisdictions; instead, they need state-specific controls, account coding, vendor oversight, and ongoing monitoring to avoid compliance gaps.

A Fragmented but Active Regulatory Environment

What makes 2026 different is not just the volume of legislation, but the pace and variability of change. Requirements now differ significantly from state to state, affecting:

  • Data classification and handling
  • Consumer consent and opt-out processes
  • Credit reporting practices
  • Litigation and interest limitations

In many cases, even small differences in statutory language can lead to meaningful operational changes—whether in how accounts are worked, how consumers are contacted, or how data is stored and shared across systems.

For compliance teams, this is no longer a once-a-year review process. It is an ongoing operational requirement that demands continuous monitoring, quicker interpretation of new rules, and tighter alignment between legal, compliance, and frontline operations.

Keeping Up: The Role of ACA’s State Guide

In this environment, having a centralized, continuously updated resource has become critical.

ACA International’s State Guide to Collection Laws and Practices, including the State Guide Cohort, provides:

  • Coverage across all 50 states, D.C., and U.S. territories
  • Ongoing updates as legislation evolves
  • A dedicated privacy chapter reflecting recent regulatory trends
  • Monthly insights to help interpret new laws

Rather than tracking dozens of legislative changes individually, agencies can rely on a structured, reliable source to stay informed and reduce compliance risk.

As Kirchner’s experience highlights, the value is not just information—it’s clarity and confidence in a rapidly shifting landscape.

Looking Ahead

If 2026 has established anything, it’s that state-level regulation will continue to expand both in volume and complexity. What was once a relatively predictable compliance environment is now a constantly shifting landscape, where new rules can emerge, evolve, and take effect within a single legislative cycle.

Agencies that treat compliance as a dynamic, real-time function, rather than a static checklist, will be best positioned to adapt. That means building processes that allow for continuous monitoring, faster internal updates, and closer coordination across compliance, operations, and vendor partners.

It also means recognizing that compliance is no longer just about avoiding risk. Increasingly, it’s about maintaining operational stability, protecting consumer trust, and ensuring consistency across jurisdictions that may take very different regulatory approaches.

Staying informed is no longer optional. It’s a core part of operating in today’s accounts receivable management industry and a defining factor in how successfully organizations can navigate what comes next.

Published On: June 3rd, 2026|By |Categories: Industry News & Announcements|

Related Posts

Business financial chart with moving up arrow graph
Debt Collection Services Market Forecast Predicts Growth Through 2033, Driven by AI and Healthcare Collections

Debt Collection Services Market Forecast Predicts Growth Through 2033, Driven by AI and Healthcare Collections

June 2nd, 2026
Landmark Strategy Group Names Jamie Burns-Ostapenko Senior Director of Outsourcing

Landmark Strategy Group Names Jamie Burns-Ostapenko Senior Director of Outsourcing

June 1st, 2026
Fair Lending Groups Sue CFPB Over Regulation B Rollback on Disparate Impact, SPCPs

Fair Lending Groups Sue CFPB Over Regulation B Rollback on Disparate Impact, SPCPs

June 1st, 2026

News

Latest News

Regulatory News