Alston & Bird Privacy, Cyber & Data Strategy Blog

Carson Kuck

Avatar photo

About Carson Kuck

Carson draws on his experience supporting federal and state offices to help clients find solutions to their cybersecurity and data privacy matters.

[Read Bio]

NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers

By , and

On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS recognizes that as covered entities become more reliant on TPSPs, managing TPSPs “remains a crucial element of a Covered Entity’s cybersecurity program.” The Letter outlines […]

Microsoft Announces Two New On-Premises SharePoint Vulnerabilities

By , and

  Introduction On July 19, 2025, Microsoft announced two new vulnerabilities that are actively being exploited (CVE-2025-49704 and CVE-2025-49706) and that relate to on-premises Microsoft SharePoint instances that are exposed to the internet. CVE-2025-49704 is a remote code execution (RCE) vulnerability, which allows an attacker to run malicious code on a target system. CVE-2025-49706 is […]

FCC Announces New National Security Unit Focusing on State-Sponsored Cyber Threats

By and

On March 13, 2025, the Federal Communications Commission’s (“FCC”) Chairman Brendan Carr announced the creation of a Council on National Security (the “Council”) with Adam Chan serving as the Director. This new Council will be comprised of eight Bureaus and Offices within the FCC and will “leverage the full range of the Commission’s regulatory, investigatory, […]

Texas AG Files Complaint Against Major Insurance Company Regarding Data Practices

By , and

The Texas Office of the Attorney General recently has become increasingly interested in the practices of organizations who collect and utilize consumer data. On January 13, 2025, the Attorney General of Texas, Ken Paxton, (the “Texas AG”) filed a complaint (the “Complaint”) against a large insurance entity and its subsidiary company (“Defendants”). The Complaint outlines […]

FTC Announces Proposed Settlement with GoDaddy Incorporating Prescriptive Cybersecurity Requirements

By , and

On January 15, 2025, the Federal Trade Commission (FTC) announced a proposed settlement with GoDaddy Inc. (GoDaddy) for making false or misleading representations about their security practices in violation of Section 5 of the FTC Act. GoDaddy, a website hosting company, serves approximately 5 million customers. In the complaint, the FTC indicated that although GoDaddy […]