Alston & Bird Privacy, Cyber & Data Strategy Blog

UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident

May 6, 2025 By Hanna Hewitt and Kelly Hagedorn

On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found that DPP failed to implement appropriate technical and organisational measures, as required by Article 5(1)(f) and Article 32 UK GDPR. This is the second fine in Q1 2025 imposed by the ICO for such a failure. See the ICO’s action against Advanced Computer Software Group Ltd … [Read more] about UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident

DOJ Settles False Claims Act Case with MORSECORP Over Cybersecurity Program

May 6, 2025 By Kim Peretti, Andrew Liebler, Lance Taubin and Andrew Rice

On March 26, 2025, the United States Department of Justice (DOJ) announced that it had reached an agreement with MORSECORP Inc. (MORSE) to settle alleged violations of the False Claims Act (FCA), specifically regarding MORSE’s cybersecurity program. … [Read more] about DOJ Settles False Claims Act Case with MORSECORP Over Cybersecurity Program

Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect Today

May 1, 2025 By Kim Peretti, Kate Hanniford, Scott Hilsen, Lance Taubin and Andrew Rice

Today, on May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take effect. Although … [Read more] about Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect Today

Arkansas Enacts Children and Teens’ Online Privacy Protection Act

April 25, 2025 By Maki DePalo and Hyun Jai Oh

On April 21, 2025, Arkansas Governor Sarah Huckabee Sanders signed into law the Arkansas Children and Teens’ Online Privacy Protection Act (Act), which will become effective on July 1, 2026. It draws inspiration from the federal Children and Teens’ … [Read more] about Arkansas Enacts Children and Teens’ Online Privacy Protection Act

Ninth Circuit Addresses Personal Jurisdiction Based on E-Commerce Data Collection in En Banc Decision

April 24, 2025 By Rachel Lowe, Erin Edwards, Leila Knox and Jared Allen

A recent decision by the Ninth Circuit Court of Appeals in Briskin v. Shopify, Inc., No. 22-15815, could impact the scope of personal jurisdiction over e-commerce and other entities that utilize cookies to collect personal information from visitors … [Read more] about Ninth Circuit Addresses Personal Jurisdiction Based on E-Commerce Data Collection in En Banc Decision