Alston & Bird Privacy, Cyber & Data Strategy Blog

Microsoft Announces Two New On-Premises SharePoint Vulnerabilities

July 30, 2025 By Jennifer Everett, Kim Peretti and Carson Kuck

Introduction On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and that relate to on-premises Microsoft SharePoint instances that are exposed to the internet. CVE-2025-49704 is a remote code execution (RCE) vulnerability, which allows an attacker to run malicious code on a target system. CVE-2025-49706 is a spoofing vulnerability, which allows an attacker to disguise themselves as a known or trusted … [Read more] about Microsoft Announces Two New On-Premises SharePoint Vulnerabilities

CPPA Board Votes to Adopt CCPA Regulations; Open DROP Rules to Public Comment

July 25, 2025 By Dorian Simmons

On July 24, 2025, the California Privacy Protection Agency (“CPPA”) Board voted to adopt draft regulations under the California Consumer Privacy Act (“CCPA”) concerning cybersecurity audits, risk assessments, automated decisionmaking technologies, … [Read more] about CPPA Board Votes to Adopt CCPA Regulations; Open DROP Rules to Public Comment

EU-wide Breach Notification Template On The Horizon

July 24, 2025 By Hanna Hewitt, Wim Nauwelaerts and Alice Portnoy

Following their recent meeting in Finland, the EU Data Protection Authorities acting through the European Data Protection Board (EDPB) announced their intention … [Read more] about EU-wide Breach Notification Template On The Horizon

CPPA Board to Discuss Draft CCPA Regulations, DROP Requirements

July 23, 2025 By Dorian Simmons

The California Privacy Protection Agency (“CPPA”) Board will meet on Thursday, July 24 to discuss the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), … [Read more] about CPPA Board to Discuss Draft CCPA Regulations, DROP Requirements

SEC Withdraws Proposed Cyber-Related Rule Applicable to Broker-Dealers And Signals SolarWinds Settlement on the Horizon

July 18, 2025 By Cara Peterman, Kate Hanniford, Sierra Shear, Madeleine Juszynski Davidson and Kristen Bartolotta

The Securities and Exchange Commission (SEC) recently announced the withdrawal of several Biden-era regulations, including a proposed rule that would have required a broad range of platforms and financial intermediaries (such as broker-dealers, … [Read more] about SEC Withdraws Proposed Cyber-Related Rule Applicable to Broker-Dealers And Signals SolarWinds Settlement on the Horizon