Alston & Bird Privacy, Cyber & Data Strategy Blog

Texas Expands Data Broker Act Requirements

September 12, 2025 By Maki DePalo and Hyun Jai Oh

On September 1, 2025, the amendments to the Texas Data Broker Act (the Act) became effective. The Act, which originally came into effect on September 1, 2023, defines “data brokers” as business entities that derive their principal source of revenue from collecting, processing, or transferring personal data that they did not collect directly from consumers. The law requires data brokers to post an online notice of its status as a data broker, register annually with the Texas Secretary of State … [Read more] about Texas Expands Data Broker Act Requirements

United States, International Coalition Issue Joint Warning of Increasing PRC Backed Threat Activity

September 10, 2025 By Kim Peretti, Lance Taubin and Andrew Rice

On August 27, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the United States Department of Defense Cyber Crime Center (DC3) … [Read more] about United States, International Coalition Issue Joint Warning of Increasing PRC Backed Threat Activity

CISA Gives Itself an Extension for Cyber Incident Reporting Rules

September 10, 2025 By Kim Peretti and Scott Hilsen

The Cybersecurity and Infrastructure Security Agency (CISA) has extended the deadline for it to issue final rules about mandatory incident reporting for critical infrastructure entities. The original deadline of October 2025 was pushed by six months … [Read more] about CISA Gives Itself an Extension for Cyber Incident Reporting Rules

Compliance Deadline for Colorado AI Act Delayed Until June 30, 2026

September 10, 2025 By Maki DePalo and Hyun Jai Oh

On August 28, 2025, Colorado Governor Jared Polis signed Senate Bill 25B-004 (Bill) into law, extending the compliance deadline of the Colorado Artificial Intelligence Act (CAIA) from February 1, 2026, to June 30, 2026. The Bill does not alter the … [Read more] about Compliance Deadline for Colorado AI Act Delayed Until June 30, 2026

Multistate Privacy Investigative Sweep Targeting Website Global Privacy Control (GPC) Noncompliance

September 10, 2025 By David Keating, Daniel Felz and Hyun Jai Oh

On September 9, 2025, the California Privacy Protection Agency (CPPA) announced a joint investigation sweep targeting businesses that may be failing to honor consumers’ opt-out requests submitted via Global Privacy Control (GPC) signals, in … [Read more] about Multistate Privacy Investigative Sweep Targeting Website Global Privacy Control (GPC) Noncompliance