Eight years ago, on March 1, 2017, the New York Department of Financial Services enacted its landmark cybersecurity regulation covering financial services companies, 23 NYCRR Part 500, known as “Part 500.” Part 500 was the first state regulation to … [Read more] about 2025 State Cybersecurity Legislation Focuses on Financial Services
Eight state regulators have established a coalition called the Consortium of Privacy Regulators to collaborate on the implementation and enforcement of their privacy laws. According to announcements from the California Privacy Protection Agency … [Read more] about State Regulators Form Privacy Law Implementation and Enforcement Group
On April 8, 2025, the UK government published the Cyber Code of Practice (the “Code”) to support board directors in governing cybersecurity risks. The Code is available online. The UK's data protection regulator is actively investigating and, in some … [Read more] about UK Government Publishes Cyber Governance Code of Practice for Boards and Directors
On March 23, 2025, 23andMe Holding Co. (“23andMe”) filed for bankruptcy in the Eastern District of Missouri, potentially setting in motion the sale of genetic data collected from more than 15 million people. This has led to news outlets and state … [Read more] about To Delete or Not to Delete: Can 23andMe Really Sell Genetic Data Via Bankruptcy?
On March 26, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined Advanced Computer Software Group Ltd (“Advanced”) £3.07 million (approximately $4 million). In 2022, Advanced suffered a ransomware incident … [Read more] about UK’s Data Protection Regulator fines a UK SaaS provider ~$4 million following a ransomware incident