On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK users. The penalty followed a joint investigation with the Office of the Privacy Commissioner of Canada, highlighting how regulators are increasingly working together to investigate breaches of data protection legislation. The ICO’s penalty notice is available here. See … [Read more] about UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack
NYDFS Issues Guidance on Heightened Cybersecurity and Sanctions Risk from Global Conflict
Overview On June 23, 2025, the New York State Department of Financial Services (“NYDFS”) issued an industry letter encouraging all regulated entities to review their cybersecurity and sanctions compliance programs in light of heightened … [Read more] about NYDFS Issues Guidance on Heightened Cybersecurity and Sanctions Risk from Global Conflict
Are You Ready For The Department Of Justice’s Bulk Data Transfer Rule?
On July 8, 2025, the Department of Justice (“DOJ”) is set to lift its self-imposed pause on enforcing certain violations of its Rule Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered … [Read more] about Are You Ready For The Department Of Justice’s Bulk Data Transfer Rule?
Trump Administration Releases Cyber Executive Order Revealing Renewed Strategy for U.S. Cybersecurity

On June 6, 2025, President Trump issued an Executive Order (EO) on Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity, amending certain prior directives established by the Biden and Obama administrations. Importantly, the … [Read more] about Trump Administration Releases Cyber Executive Order Revealing Renewed Strategy for U.S. Cybersecurity
New Artificial Intelligence Laws in Effect in Utah

Utah Governor Spencer J. Cox signed three state AI bills into law that took effect May 7, 2025. These laws require businesses to make “you’re talking to a bot” disclosures and comply with privacy requirements when using AI in connection with consumer … [Read more] about New Artificial Intelligence Laws in Effect in Utah