Alston & Bird Privacy, Cyber & Data Strategy Blog

Kristen Bartolotta

Avatar photo

About Kristen Bartolotta

Kristen Bartolotta is an associate in Alston & Bird’s Privacy, Cyber & Data Strategy Team. She advises clients on managing privacy and cyber risk, breach investigations and response, transactional diligence, and emerging technologies. Kristen also advises on privacy and security compliance at the state, federal, and international levels.

[Read Bio]

California Proposes Annual Audits to Assess Sufficiency and Compliance of Company Cybersecurity

By , and

In late August 2023, the California Privacy Protection Agency (“CPPA” or “Agency”) released a discussion draft of proposed regulations under California’s data privacy law, the California Consumer Privacy Act (“CCPA”). Importantly, the proposed regulations set forth more detailed obligations for company cybersecurity programs, including routinely assessing and filing audits with the CPPA. Though these draft […]

FTC Launches Investigation into Creator of ChatGPT

By , , and

In mid-July, the Federal Trade Commission (FTC) reportedly opened an investigation into OpenAI, the maker of ChatGPT, sending the company an extensive Civil Investigative Demand (CID). While FTC investigations are normally non-public, the Washington Post published what appears to be part of the CID sent from the FTC to OpenAI. This investigation comes on the […]

Chinese Hackers Exploit Gap in Cloud Environment Used by U.S. Government

By and

According to recent reports issued by Microsoft and U.S. government agencies, hackers recently exploited a gap in Microsoft’s cloud environment, enabling the malicious actors to access the email accounts of employees at the United States Commerce and State Departments. Including the U.S. government, around 10 organizations were victimized in the U.S. and about 25 were […]

FCC Proposes to Change Data Breach Reporting Rules for Telecommunication Companies

By and

On January 6, 2023, the FCC released a Notice of Proposed Rulemaking (the “Notice”) proposing to “modernize the Commission’s data breach rules,” and thereby launching a formal effort to gather information from the industry on the issue of data breach reporting. The Notice, adopted on December 28, 2022, seeks to strengthen its rules with the […]

UK’s National Cyber Security Centre Releases 2022 Annual Review

By and

The United Kingdom’s National Cyber Security Centre (NCSC) recently released its 2022 Annual Review, which reports on the state of cyber security threats in the country. As the UK’s technical authority for cyber security, the NCSC releases an annual report covering the cyber threats from the prior 12 months as well as analysis of potential […]