Regulation

SEC Withdraws Proposed Cyber-Related Rule Applicable to Broker-Dealers And Signals SolarWinds Settlement on the Horizon

July 18, 2025 By Cara Peterman, Kate Hanniford, Sierra Shear, Madeleine Juszynski Davidson and Kristen Bartolotta

The Securities and Exchange Commission (SEC) recently announced the withdrawal of several Biden-era regulations, including a proposed rule that would have required a broad range of platforms and financial intermediaries (such as broker-dealers, clearing agencies, national securities exchanges, and transfer agents) to adopt policies and procedures that address cybersecurity risks. The proposed rule also would […]

CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period

May 9, 2025 By Dorian Simmons

On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), insurance, and updates to the existing CCPA regulations. The revisions were informed by comments received by the CPPA during the formal public […]

2025 State Cybersecurity Legislation Focuses on Financial Services

April 18, 2025 By Kim Peretti and Scott Hilsen

Eight years ago, on March 1, 2017, the New York Department of Financial Services enacted its landmark cybersecurity regulation covering financial services companies, 23 NYCRR Part 500, known as “Part 500.” Part 500 was the first state regulation to enumerate, in great detail, the elements of a cybersecurity program that a covered financial service company […]

European Commission Moves to Extend Free Flows of Personal Data to the UK

March 24, 2025 By Paul Greaves and Kelly Hagedorn

On March 18, 2025, the European Commission proposed to extend its adequacy decision in favor of the United Kingdom (‘UK’) for an additional six-month period. This would allow free flows of personal data from the EU to the UK to continue until December 2025. The existing adequacy decision – which was adopted in 2021 in […]

Key Takeaways from CPPA’s Recent Settlement with an Automotive Manufacturer for Alleged CCPA Violations

March 19, 2025 By Maki DePalo and Hyun Jai Oh

On March 12, 2025, the California Privacy Protection Agency (CPPA) published its decision approving a Stipulated Final Order (Order) against a major automotive manufacturer (company) for violations of the California Consumer Privacy Act (CCPA). The Order requires the company to pay a $632,500 fine and implement several changes to its data handling practices. These changes […]