On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS recognizes that as covered … [Read more] about NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers
Effective January 1, 2026, new legislation in California and Oklahoma will introduce important updates to each state’s breach notification requirements. These changes may significantly impact breach response obligations for businesses operating in or … [Read more] about Key Breach Notification Updates in California and Oklahoma for 2026
On October 13, 2025, California Governor Gavin Newsom signed Assembly Bill 1043, the Digital Age Assurance Act (Act), into law. Effective January 1, 2027, the Act introduces a device-based age verification system designed to create safer digital … [Read more] about California Enacts Digital Age Verification Law
The day before the recent federal government shutdown, a ten-year old cybersecurity law expired before it could be reauthorized. The Cybersecurity Information Sharing Act of 2015 (“CISA”) provided a mechanism for private companies to share … [Read more] about Government Shutdown Creates Lapse in Cyber Threat Information Sharing
On October 15, 2025, the UK’s Information Commissioner’s Office (ICO) fined Capita plc and Capita Pension Solutions Limited (collectively “Capita”) £14 million (~$18.8 million) for failing to implement adequate security measures to protect the … [Read more] about UK Data Protection Regulator Fines Capita ~$18.8 Million Following a Ransomware Attack