Our Privacy, Cyber & Data Strategy Team breaks down the Department of Defense’s finalized Cybersecurity Maturity Model Certification (CMMC) rule, which establishes a tiered compliance framework that will soon be mandatory for...more
Effective January 1, 2026, new legislation in California and Oklahoma will introduce important updates to each state’s breach notification requirements. These changes may significantly impact breach response obligations for...more
The day before the recent federal government shutdown, a ten-year old cybersecurity law expired before it could be reauthorized. The Cybersecurity Information Sharing Act of 2015 (“CISA”) provided a mechanism for private...more
The California Privacy Protection Agency (CPPA) has finalized sweeping new California Consumer Privacy Act (CCPA) regulations on automated decisionmaking technology (ADMT), cybersecurity audits, and privacy risk assessments....more
10/22/2025
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Data Security ,
New Regulations ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
The Cybersecurity and Infrastructure Security Agency (CISA) has extended the deadline for it to issue final rules about mandatory incident reporting for critical infrastructure entities. The original deadline of October 2025...more
On August 27, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the United States Department of Defense...more
Rhode Island has enacted Senate Bill 603 (SB603), effective July 2, 2025, establishing a comprehensive cybersecurity framework for nonbank financial institutions licensed by the state’s Department of Business Regulation...more
Microsoft Announces Two New On-Premises SharePoint Vulnerabilities - On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and relate to...more
On July 31, 2025, the United States Department of Justice (DOJ) announced a $9.8 million settlement with Illumina, Inc. (Illumina) to resolve alleged False Claims Act (FCA) violations related to cybersecurity vulnerabilities...more
The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and international partners issued an updated advisory on July 29, 2025, highlighting the evolving tactics, techniques, and...more
Introduction - On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and that relate to on-premises Microsoft SharePoint instances that are exposed...more
In April 2025, SK Telecom—South Korea’s largest mobile carrier—formally notified regulators of a significant data breach that compromised sensitive SIM card data belonging to nearly 27 million users. Following an...more
The New York State Department of Health has issued an urgent cybersecurity advisory (the Advisory) warning of increased threat levels and a higher likelihood of cybersecurity attacks from Iranian state-backed actors following...more
Overview - On June 23, 2025, the New York State Department of Financial Services (“NYDFS”) issued an industry letter encouraging all regulated entities to review their cybersecurity and sanctions compliance programs in light...more
Our Privacy, Cyber & Data Strategy Team discusses how to overcome five challenges companies face in the wake of a data security incident when reviewing impacted data to comply with legal obligations....more
On July 8, 2025, the Department of Justice (“DOJ”) is set to lift its self-imposed pause on enforcing certain violations of its Rule Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of...more
6/24/2025
/ China ,
Compliance ,
Data Privacy ,
Data Security ,
Data Transfers ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Executive Orders ,
Foreign Entities ,
National Security ,
New Regulations ,
Personal Data
On June 6, 2025, President Trump issued an Executive Order (EO) on Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity, amending certain prior directives established by the Biden and Obama administrations....more
On May 1, 2025, the U.S. Department of Justice (DOJ) announced a settlement under the False Claims Act (FCA) involving defense contractors Raytheon Company (Raytheon), RTX Corporation (RTX), and Nightwing Group—the successor...more
Overview - On May 6, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, Environmental Protection Agency (EPA), and Department of Energy (DOE), issued a joint fact sheet titled...more
Our Privacy, Cyber & Data Strategy Team highlights the shift in priorities for privacy and cybersecurity regulation and enforcement across U.S. agencies under the second Trump Administration....more
On March 26, 2025, the United States Department of Justice (DOJ) announced that it had reached an agreement with MORSECORP Inc. (MORSE) to settle alleged violations of the False Claims Act (FCA), specifically regarding...more
On May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take...more
Eight years ago, on March 1, 2017, the New York Department of Financial Services enacted its landmark cybersecurity regulation covering financial services companies, 23 NYCRR Part 500, known as “Part 500.” Part 500 was the...more
Our Privacy, Cyber & Data Strategy Team highlights the increasingly specific cybersecurity controls identified by regulators, explains why these enhanced cybersecurity controls have become the focus of regulators, and shares...more
On March 13, 2025, the Federal Communications Commission’s (“FCC”) Chairman Brendan Carr announced the creation of a Council on National Security (the “Council”) with Adam Chan serving as the Director. This new Council will...more