Alston & Bird Privacy, Cyber & Data Strategy Blog

Board Governance & Cyber Risk Management

UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident

By and

On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found that DPP failed to implement appropriate technical and organisational measures, as required by Article 5(1)(f) and Article 32 UK GDPR. This is the […]

DOJ Settles False Claims Act Case with MORSECORP Over Cybersecurity Program

By , , and

On March 26, 2025, the United States Department of Justice (DOJ) announced that it had reached an agreement with MORSECORP Inc. (MORSE) to settle alleged violations of the False Claims Act (FCA), specifically regarding MORSE’s cybersecurity program.  The DOJ and MORSE—a government contractor that provides services to both the Departments of the Army and Air […]

Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect Today

By , , , and

Today, on May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take effect.  Although the Second Amendment was originally adopted in November of 2023, NYDFS established a multi-year rollout of the Second Amendment’s requirements, […]

FTC Publishes Amendments to COPPA Rule

By and

On April 22, 2025, the Federal Trade Commission (FTC) published the finalized amendments (Amendments) to the Children’s Online Privacy Protection Rule (COPPA Rule) that would impose additional restrictions on website and online service operators that collect personal information from children under the age of thirteen. The Amendments will become effective on June 23, 2025.  Operators […]

2025 State Cybersecurity Legislation Focuses on Financial Services

By and

Eight years ago, on March 1, 2017, the New York Department of Financial Services enacted its landmark cybersecurity regulation covering financial services companies, 23 NYCRR Part 500, known as “Part 500.”  Part 500 was the first state regulation to enumerate, in great detail, the elements of a cybersecurity program that a covered financial service company […]