Alston & Bird Privacy, Cyber & Data Strategy Blog

Regulatory Enforcement

SEC Withdraws Proposed Cyber-Related Rule Applicable to Broker-Dealers And Signals SolarWinds Settlement on the Horizon

By , , , and

The Securities and Exchange Commission (SEC) recently announced the withdrawal of several Biden-era regulations, including a proposed rule that would have required a broad range of platforms and financial intermediaries (such as broker-dealers, clearing agencies, national securities exchanges, and transfer agents) to adopt policies and procedures that address cybersecurity risks. The proposed rule also would […]

UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident

By and

On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found that DPP failed to implement appropriate technical and organisational measures, as required by Article 5(1)(f) and Article 32 UK GDPR. This is the […]

State Regulators Form Privacy Law Implementation and Enforcement Group

By and

Eight state regulators have established a coalition called the Consortium of Privacy Regulators to collaborate on the implementation and enforcement of their privacy laws. According to announcements from the California Privacy Protection Agency (“CPPA”) and California Attorney General Rob Bonta, the Consortium aims to coordinate enforcement efforts, share priorities, and discuss developments in privacy law. […]

Key Takeaways from CPPA’s Recent Settlement with an Automotive Manufacturer for Alleged CCPA Violations

By and

On March 12, 2025, the California Privacy Protection Agency (CPPA) published its decision approving a Stipulated Final Order (Order) against a major automotive manufacturer (company) for violations of the California Consumer Privacy Act (CCPA).  The Order requires the company to pay a $632,500 fine and implement several changes to its data handling practices. These changes […]

New York AG Announces $650,000 Settlement with Social Media App Developer for Students’ Privacy and Safety Concerns

By , and

On March 7, 2025, the Office of the New York State Attorney General (NY AG) published an Assurance of Discontinuance (Assurance) settling claims against Saturn Technologies, Inc. (company), a developer of a social media app for high school students. The NY AG found that the company made unsubstantiated claims about the app’s privacy and safety […]