Alston & Bird Privacy, Cyber & Data Strategy Blog

Kristen Bartolotta

Avatar photo

About Kristen Bartolotta

Kristen Bartolotta is an associate in Alston & Bird’s Privacy, Cyber & Data Strategy Team. She advises clients on managing privacy and cyber risk, breach investigations and response, transactional diligence, and emerging technologies. Kristen also advises on privacy and security compliance at the state, federal, and international levels.

[Read Bio]

FCC Proposes to Change Data Breach Reporting Rules for Telecommunication Companies

By and

On January 6, 2023, the FCC released a Notice of Proposed Rulemaking (the “Notice”) proposing to “modernize the Commission’s data breach rules,” and thereby launching a formal effort to gather information from the industry on the issue of data breach reporting. The Notice, adopted on December 28, 2022, seeks to strengthen its rules with the […]

UK’s National Cyber Security Centre Releases 2022 Annual Review

By and

The United Kingdom’s National Cyber Security Centre (NCSC) recently released its 2022 Annual Review, which reports on the state of cyber security threats in the country. As the UK’s technical authority for cyber security, the NCSC releases an annual report covering the cyber threats from the prior 12 months as well as analysis of potential […]

Recent FTC Order Has Implications for Executive Liability and Corporate Data Minimization Practices

By , and

On October 24, 2022, the Federal Trade Commission (“FTC”) announced a proposed consent order against both Drizly LLC, an online marketplace for alcohol delivery, and its CEO over the company’s alleged security failures that led to a data breach in 2020, which exposed the personal information of approximately 2.5 million Drizly customers. Drizly and its […]

NHTSA Updates its Guidance on Cybersecurity Best Practices for the Safety of Modern Vehicles

By , and

  On September 7, 2022 the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) released an updated edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles, the last edition of which was published in 2016. This most recent edition of this non-binding guidance leverages agency research, industry voluntary standards, and […]

CISA Issues Request for Information Prior to Required CIRCIA Rulemaking

By , and

On September 12, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) issued a request for information (RFI) seeking input from stakeholders on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Signed by President Biden in March, CIRCIA requires CISA to develop and implement regulations requiring covered entities to report information about covered […]