• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

Privacy & Cyber Regulatory Enforcement

NYDFS Releases New Prescriptive FAQs on MFA

December 22, 2025 By Kim Peretti and Lance Taubin

The New York Department of Financial Services (NYDFS) has released a new set of Frequently Asked Questions (FAQs 18–23) under 23 NYCRR Part 500, reinforcing its position that multifactor authentication (MFA) remains a critical component of a covered entity’s cybersecurity program. These FAQs provide highly prescriptive guidance, including clarifications on technical requirements for the “possession” […]

Filed Under: Privacy & Cyber Regulatory Enforcement

New EU Regulation Clarifies Cybersecurity Rules for IoT Devices and Other ‘Products with Digital Elements’

December 10, 2025 By Paul Greaves, Wim Nauwelaerts and Kelly Hagedorn

On November 28 2025, the European Commission adopted a regulation implementing the Cyber Resilience Act (‘CRA’) – an EU-wide law which lays down cybersecurity requirements for companies that design and sell ‘products with digital elements’. PDEs can take many forms including IoT devices, hardware components, and certain software. The CRA imposes cybersecurity obligations in connection […]

Filed Under: Privacy & Cyber Regulatory Enforcement Tagged With: Cybersecurity, EU Regulation, European Union (EU)

California AG Announces $1.4 Million Settlement with Mobile App Provider for Alleged CCPA Violations

December 1, 2025 By Maki DePalo, David Keating and Hyun Jai Oh

On November 21, 2025, California Attorney General (AG) Rob Bonta announced a $1.4 million settlement with Jam City, Inc. (company), a mobile game app company, for alleged failures to enable in-app opt-outs from the sale and sharing of personal information across many of the company’s mobile apps as required by the California Consumer Privacy Act […]

Filed Under: Adtech & Digital Tracking, California Privacy & the CCPA, Privacy & Cyber Regulatory Enforcement Tagged With: Behavioral Tracking, California Consumer Privacy Act (CCPA), California Privacy Protection Agency (CPPA), California Privacy Rights Act (CPRA), Data Protection, Mobile Technologies, Privacy, Regulatory Enforcement, Tracking

SEC Dismisses Remaining Claims Against SolarWinds

November 24, 2025 By Cara Peterman, Sierra Shear and Madeleine Juszynski Davidson

On November 20, 2025, the Securities and Exchange Commission (SEC) dismissed its landmark enforcement action against SolarWinds Corp. and the company’s Chief Information Security Officer, Tim Brown.  In 2023, the SEC’s enforcement action broke new ground as the first formal action by the Commission against a CISO and the first civil fraud action litigated by […]

Filed Under: Privacy & Cyber Regulatory Enforcement, Privacy & Cybersecurity Litigation

NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers

October 27, 2025 By Lance Taubin and Privacy, Cyber & Data Strategy Team

On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS recognizes that as covered entities become more reliant on TPSPs, managing TPSPs “remains a crucial element of a Covered Entity’s cybersecurity program.” The Letter outlines […]

Filed Under: Privacy & Cyber Regulatory Enforcement

  • « Go to Previous Page
  • Page 1
  • Interim pages omitted …
  • Page 4
  • Page 5
  • Page 6
  • Page 7
  • Page 8
  • Interim pages omitted …
  • Page 132
  • Go to Next Page »

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


RANSOMWARE FUSION CENTER
Click here to request access

THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up


Secondary Sidebar

Categories

Recent Posts

  • Five Eyes Issues Urgent Call to Action on AI-Driven Cyber Threats
  • DOJ Settles False Claims Act Case with LOGZONE Over Cybersecurity Deficiencies
  • FTC Targets EdTech Data Practices in Final Order Following Major Student Data Breach
  • New Executive Order Promotes AI Innovation While Strengthening Cybersecurity Defenses
  • Produce the Prompts: A Court Says Expert AI Inputs Are Fair Game in Discovery
Copyright © 2026 · Alston & Bird · All Rights Reserved. Privacy.