Companies that map data breach trend lines against industry-specific obligations can convert raw statistics into risk governance strategies. This exercise can be especially valuable amid fast-shifting attack techniques,...more
12/5/2025
/ Corporate Counsel ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Financial Services Industry ,
Healthcare ,
Ransomware ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Assessment ,
Risk Management
On November 20, 2025, the U.S. Securities and Exchange Commission (SEC) filed a joint stipulation with SolarWinds Corp. and its chief information security officer (CISO), Timothy Brown, to dismiss with prejudice the...more
12/3/2025
/ Chief Information Security Officer (CISO) ,
Corporate Counsel ,
Corporate Governance ,
Cybersecurity ,
Disclosure Requirements ,
Dismissal With Prejudice ,
Enforcement Actions ,
Internal Controls ,
Publicly-Traded Companies ,
Regulatory Oversight ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
SolarWinds
A recent Sixth Circuit decision, In re: FirstEnergy Corp., provides essential guidance on protecting privileged materials and work product for companies conducting internal investigations in response to regulatory or...more
11/5/2025
/ Appellate Courts ,
Attorney-Client Privilege ,
Board of Directors ,
Corporate Governance ,
Corporate Misconduct ,
Discovery ,
Document Management ,
Duty to Disclose ,
Internal Investigations ,
Privilege Waivers ,
Privileged Communication ,
Shareholders ,
Third-Party Risk ,
Work-Product Doctrine
On October 14, 2025, the Fourth Circuit issued its opinion in Holmes v. Elephant Insurance Company, clarifying that plaintiffs in data breach class actions must demonstrate that their compromised personal information was...more
10/27/2025
/ Appellate Courts ,
Article III ,
Class Action ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Injury-in-Fact ,
Litigation Strategies ,
Public Disclosure ,
Risk Management ,
Standing
On September 23, 2025, the California Privacy Protection Agency finalized major regulations under the California Consumer Privacy Act (CCPA), introducing new requirements for cybersecurity audits, risk assessments, automated...more
On September 26, 2025, the California Privacy Protection Agency (CPPA) issued a decision requiring Tractor Supply Company to restructure its privacy practices and pay a $1.35 million fine to resolve alleged violations of the...more
10/10/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Contract Terms ,
Corporate Fines ,
Data Privacy ,
Enforcement Actions ,
Job Applicants ,
Penalties ,
Retailers ,
Settlement ,
State Privacy Laws ,
Statutory Violations
The California Privacy Protection Agency and the attorneys general of California, Colorado, and Connecticut announced joint investigations this month into companies that may be ignoring Global Privacy Control (GPC), a type of...more
9/30/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Enforcement Actions ,
Multistate Investigations ,
New Legislation ,
Opt-Outs ,
State Attorneys General ,
State Privacy Laws ,
Web Browsers ,
Websites
When the European Central Bank declared the Spanish bank, Banco Popular Español, as "failing or likely to fail" in 2017, the Single Resolution Board (SRB) stepped in to resolve the issue by announcing the transfer of all...more
9/16/2025
/ Data Controller ,
Data Privacy ,
Data Protection ,
Data Transfers ,
Debt Restructuring ,
EDPS ,
EU ,
European Central Bank ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Regulatory Authority ,
Spain ,
Third-Party Service Provider ,
Transparency ,
Winding Down
Though recently stalled, California legislators have been taking steps over the past few months to address the surge of "pixel-tracking" lawsuits impacting businesses. ...more
On May 21, 2025, the Federal Trade Commission (FTC) finalized a consent order with GoDaddy to settle allegations that the web hosting company misled customers and failed to implement basic data security protections. Although...more
8/15/2025
/ Consent Order ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
GoDaddy.com ,
Marriott ,
Misleading Statements ,
Regulatory Requirements ,
Unfair or Deceptive Trade Practices
Earlier this spring, the U.S. Department of Justice’s National Security Division (NSD) launched the data security program (DSP). The program is designed to address national security risks posed by foreign adversaries' access...more
8/11/2025
/ Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Centers ,
Data Security ,
Department of Justice (DOJ) ,
Export Controls ,
Foreign Adversaries ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
Penalties ,
Personal Data ,
Prohibited Transactions ,
Reporting Requirements ,
Restricted Transactions