Data Security

Trump Administration Releases Cyber Executive Order Revealing Renewed Strategy for U.S. Cybersecurity

June 15, 2025 By Kim Peretti and Kristen Bartolotta

On June 6, 2025, President Trump issued an Executive Order (EO) on Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity, amending certain prior directives established by the Biden and Obama administrations. Importantly, the administration’s new directive maintains continuity of the cybersecurity goals of prior administrations and demonstrates that cybersecurity remains a bipartisan priority. However, the […]

European Vulnerability Database Published by the European Union Agency for Cybersecurity

June 2, 2025 By Hanna Hewitt and Kelly Hagedorn

The European Union Agency for Cybersecurity (ENISA) has launched the European Vulnerability Database (EUVD), a tool designed to enhance digital security across the EU. The EUVD is available here. ENISA created the EUVD under the Network and Information Securities 2 Directive (NIS2). It is a centralised database containing information on cybersecurity vulnerabilities affecting information technology […]

UK Publishes Software Security Code

May 15, 2025 By Hanna Hewitt and Kelly Hagedorn

Cyber security supply chain risks are growing, and attacks on vendors and other third parties cause severe disruption to businesses. For example, in recent years we have seen many incidents that have involved threat actors compromising third-party software used by a significant number of customers. With that background, on May 7, 2025, the National Cyber […]

CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period

May 9, 2025 By Dorian Simmons

On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), insurance, and updates to the existing CCPA regulations. The revisions were informed by comments received by the CPPA during the formal public […]

DOJ Settles False Claims Act Case with MORSECORP Over Cybersecurity Program

May 6, 2025 By Kim Peretti, Andrew Liebler, Lance Taubin and Andrew Rice

On March 26, 2025, the United States Department of Justice (DOJ) announced that it had reached an agreement with MORSECORP Inc. (MORSE) to settle alleged violations of the False Claims Act (FCA), specifically regarding MORSE’s cybersecurity program. The DOJ and MORSE—a government contractor that provides services to both the Departments of the Army and Air […]