Alston & Bird Privacy, Cyber & Data Strategy Blog

Scott Hilsen

Scott Hilsen

About Scott Hilsen

Scott Hilsen serves as a strategic advisor in developing and implementing effective privacy and cybersecurity programs, and as a first responder in breach and cybersecurity incidents. He has extensive experience across diverse industries for both public and private companies.

[Read Bio]

CISA Revives CIRCIA Rulemaking

By , and

Almost two years after seeking stakeholder input about a final rule under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Cybersecurity and Infrastructure Security Agency (CISA) announced that it will hold virtual town hall meetings for certain industry sectors in March and April 2026 to solicit additional input on the Notice […]

New York Regulates Large Artificial Intelligence Models

By , , , and

On December 19, 2025, just eight days after President Trump issued an executive order titled “Ensuring a National Policy Framework for Artificial Intelligence” to challenge burdensome state laws that regulate artificial intelligence (the “December 2025 EO”), New York Governor Kathy Hochul signed the Responsible Artificial Intelligence (“AI”) Safety and Education Act (the “RAISE Act”). The […]

Government Shutdown Creates Lapse in Cyber Threat Information Sharing

By and

The day before the recent federal government shutdown, a ten-year old cybersecurity law expired before it could be reauthorized. The Cybersecurity Information Sharing Act of 2015 (“CISA”) provided a mechanism for private companies to share information with the federal government about cyber threats in return for certain legal protections. CISA applied only when the information […]

CISA Gives Itself an Extension for Cyber Incident Reporting Rules

By and

The Cybersecurity and Infrastructure Security Agency (CISA) has extended the deadline for it to issue final rules about mandatory incident reporting for critical infrastructure entities.  The original deadline of October 2025 was pushed by six months to May 2026. Under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), passed in 2022, critical infrastructure entities […]

Are You Ready For The Department Of Justice’s Bulk Data Transfer Rule?

By , and

On July 8, 2025, the Department of Justice (“DOJ”) is set to lift its self-imposed pause on enforcing certain violations of its Rule Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons (the “Bulk Data Rule” or “DOJ Rule”), 28 CFR Part 202.  The Bulk Data Rule, […]