The District of Columbia Data Privacy and Protection Act of 2026 aims to enhance privacy protections for personal data collected, used, sold, or disclosed by government agencies and third parties. A key feature of the legislation is the establishment of a Chief Privacy Officer (CPO) within the Office of the Chief Technology Officer (OCTO), who will oversee compliance with privacy measures and coordinate cybersecurity and data governance. The bill mandates that agencies obtain affirmative consent before selling or transferring personal data, limit data collection to necessary information, and implement strong data security practices. It also grants individuals enforceable rights over their personal data, including the ability to confirm data collection, access copies of their data, correct inaccuracies, and opt-out of data sales.

Additionally, the bill empowers the Office of the Attorney General (OAG) to enforce compliance by issuing directives, requiring corrective actions, and imposing administrative remedies for violations. The OAG will monitor agency practices and may mandate periodic reporting on data handling. The act will take effect once its fiscal impact is included in an approved budget and will undergo a 30-day congressional review period after receiving approval from the Mayor. Overall, the legislation seeks to promote responsible data usage while enhancing transparency and accountability in government data practices.