Alston & Bird Privacy, Cyber & Data Strategy Blog

Hanna Hewitt

Avatar photo

About Hanna Hewitt

Hanna helps clients navigate cybersecurity and data protection matters in the U.K., European Union, and beyond. She assists clients throughout the lifecycle of a cyber incident: helping with immediate response, working with forensic providers to eradicate and contain cyber threats, and advising clients on their regulatory and contractual obligations. At only two years qualified, she has managed over 20 large international incidents, often acting as the main point of contact for clients.

[Read Bio]

A New U.S. Cyber Strategy: President Trump’s Cyber Strategy for America

By and

A newly released U.S. government cyber strategy (available here) outlines a more assertive and coordinated national posture toward cybersecurity. The strategy acknowledges that cyberspace is central to economic security, national defense, and everyday life. In doing so, it warns that cyber threats now affect everything from critical infrastructure to small businesses and individuals. These cyber […]

UK Cybersecurity Legislation Soon to be Introduced

By

The UK Government has introduced the Cyber Security and Resilience (Network and Information Systems) Bill (the “Bill”) to Parliament, marking the most significant update to the UK’s cyber legislation since 2018. You can access a copy of the Bill here. The Bill aims to strengthen national security and protect critical infrastructure networks in key sectors […]

UK’s National Cyber Security Centre Releases 2025 Annual Review

By and

The United Kingdom’s National Cyber Security Centre (NCSC) has released its Annual Review for 2025. As in 2024, the report covers the UK’s cyber security position as well as the country’s readiness to deal with those threats. A copy of NCSC’s report is available here. The Annual Review states that “it is time to act”. […]

UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack

By and

On October 15, 2025, the UK’s Information Commissioner’s Office (ICO) fined Capita plc and Capita Pension Solutions Limited (collectively “Capita”) £14 million (~$18.8 million) for failing to implement adequate security measures to protect the personal data of over ~6.6 million individuals following a ransomware attack by Black Basta. The ICO’s penalty notice is available here. […]

The EU Data Act Comes Into Force

By and

The EU officially adopted the Data Act in January 2024, and it came into force on September 12, 2025. The Data Act builds on existing laws like the General Data Protection Regulation and the Data Governance Act. Now that the legislation is active, companies that fall under its scope must proactively review its provisions and […]