Alston & Bird Privacy, Cyber & Data Strategy Blog

Kelly Hagedorn

Avatar photo

About Kelly Hagedorn

Kelly leverages her significant enforcement background to help clients mitigate risk under UK and EU data protection laws and support global clients on regulatory issues involving data privacy regulation and litigation.

[Read Bio]

UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack

By and

On October 15, 2025, the UK’s Information Commissioner’s Office (ICO) fined Capita plc and Capita Pension Solutions Limited (collectively “Capita”) £14 million (~$18.8 million) for failing to implement adequate security measures to protect the personal data of over ~6.6 million individuals following a ransomware attack by Black Basta. The ICO’s penalty notice is available here. […]

The EU Data Act Comes Into Force

By and

The EU officially adopted the Data Act in January 2024, and it came into force on September 12, 2025. The Data Act builds on existing laws like the General Data Protection Regulation and the Data Governance Act. Now that the legislation is active, companies that fall under its scope must proactively review its provisions and […]

UK Data Protection Regulator Fines 23andMe ~$3.1 Million Following Credential Stuffing Attack

By and

On June 5, 2025, the UK’s Information Commissioner’s Office (ICO) fined 23andMe £2.31 million (~$3.1 million). The fine was for failing to implement adequate security measures to protect the personal data of over 155,000 UK users. The penalty followed a joint investigation with the Office of the Privacy Commissioner of Canada, highlighting  how regulators are […]

European Vulnerability Database Published by the European Union Agency for Cybersecurity

By and

The European Union Agency for Cybersecurity (ENISA) has launched the European Vulnerability Database (EUVD), a tool designed to enhance digital security across the EU. The EUVD is available here. ENISA created the EUVD under the Network and Information Securities 2 Directive (NIS2). It is a centralised database containing information on cybersecurity vulnerabilities affecting information technology […]

UK Publishes Software Security Code

By and

Cyber security supply chain risks are growing, and attacks on vendors and other third parties cause severe disruption to businesses. For example, in recent years we have seen many incidents that have involved threat actors compromising third-party software used by a significant number of customers. With that background, on May 7, 2025, the National Cyber […]