Alston & Bird Privacy, Cyber & Data Strategy Blog

UK Cybersecurity Legislation Soon to be Introduced

November 21, 2025 By Hanna Hewitt

The UK Government has introduced the Cyber Security and Resilience (Network and Information Systems) Bill (the “Bill”) to Parliament, marking the most significant update to the UK’s cyber legislation since 2018. You can access a copy of the Bill here. The Bill aims to strengthen national security and protect critical infrastructure networks in key sectors from increasingly sophisticated cyber threats. What is the purpose of the Bill? The Bill updates the existing 2018 Network and Information … [Read more] about UK Cybersecurity Legislation Soon to be Introduced

Closing the Privacy Gap: HIPRA Targets Health Apps and Wearables

November 19, 2025 By Sara Pullen, Angela Burnette and Jennifer Pike

Move over HIPAA…the health privacy landscape may be in for a shakeup. On November 4, 2025, Senator Bill Cassidy, M.D. (R-LA) introduced the Health Information Privacy Reform Act (HIPRA), a bill aimed at closing a gap in health data protections. HIPAA … [Read more] about Closing the Privacy Gap: HIPRA Targets Health Apps and Wearables

HIPAA Security Rule: Still on Track for Finalization

November 3, 2025 By Jennifer Everett, Kate Hanniford, Angela Burnette and Jennifer Pike

Since the HHS Office for Civil Rights’ (OCR) publication of a proposed rule to overhaul the HIPAA Security Rule in January 2025, many in the health care and privacy community have wondered whether the rule would quietly fade away. Some even hoped it … [Read more] about HIPAA Security Rule: Still on Track for Finalization

UK’s National Cyber Security Centre Releases 2025 Annual Review

October 28, 2025 By Hanna Hewitt and Kelly Hagedorn

The United Kingdom’s National Cyber Security Centre (NCSC) has released its Annual Review for 2025. As in 2024, the report covers the UK’s cyber security position as well as the country’s readiness to deal with those threats. A copy of NCSC’s report … [Read more] about UK’s National Cyber Security Centre Releases 2025 Annual Review

NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers

October 27, 2025 By Kate Hanniford, Lance Taubin and Carson Kuck

On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS recognizes that as covered … [Read more] about NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers