UK Publishes Software Security Code
Cyber security supply chain risks are growing, and attacks on vendors and other third parties cause severe disruption to businesses. For example, in recent years we have seen many incidents that have involved threat actors compromising third-party software used by a significant number of customers. With that background, on May 7, 2025, the National Cyber Security Centre (“NCSC”) and the Department of Science, Innovation and Technology (“DSIT”) published the Software Security Code of Practice …
Texas AG Secures $1.375 Billion from Google: Key Takeaways for Companies Collecting Consumer Data
On May 9, 2025, the Texas Attorney General Ken Paxton announced a $1.375 billion settlement with Google—by far the largest state-level privacy settlement reached against Google to date. The settlement resolves lawsuits filed in 2022 alleging that …
CISA Issues Enhanced Guidance to Mitigate Cyber Threats to Operational Technology Systems
On May 6, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the FBI, Environmental Protection Agency (EPA), and Department of Energy (DOE), issued a joint fact sheet titled “Primary Mitigations to …
CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period

On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology …
UK Data Protection Regulator Fines UK Law Firm ~$80,000 Following Ransomware Incident

On April 14, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined DPP Law (“DPP”) £60,000 (approximately $80,000) following a ransomware incident. In its penalty notice, the ICO found that DPP failed to …