Overview On May 6, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, Environmental Protection Agency (EPA), and Department of Energy (DOE), issued a joint fact sheet titled “Primary Mitigations to … [Read more] about CISA Issues Enhanced Guidance to Mitigate Cyber Threats to Operational Technology Systems
On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology … [Read more] about CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period
On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found that DPP failed to … [Read more] about UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident
On March 26, 2025, the United States Department of Justice (DOJ) announced that it had reached an agreement with MORSECORP Inc. (MORSE) to settle alleged violations of the False Claims Act (FCA), specifically regarding MORSE’s cybersecurity program. … [Read more] about DOJ Settles False Claims Act Case with MORSECORP Over Cybersecurity Program
Today, on May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take effect. Although … [Read more] about Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect Today