Alston & Bird Privacy, Cyber & Data Strategy Blog

UK’s National Cyber Security Centre Releases 2025 Annual Review

By and

The United Kingdom’s National Cyber Security Centre (NCSC) has released its Annual Review for 2025. As in 2024, the report covers the UK’s cyber security position as well as the country’s readiness to deal with those threats. A copy of NCSC’s report is available here. The Annual Review states that “it is time to act”. As this year has demonstrated, cyber security is critical to business longevity and success. The Annual Review summarises the key rising cyber threats over the last year, … [Read more] about UK’s National Cyber Security Centre Releases 2025 Annual Review

NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers

By , and

On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS recognizes that as covered … [Read more] about NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers

Key Breach Notification Updates in California and Oklahoma for 2026

By and

Effective January 1, 2026, new legislation in California and Oklahoma will introduce important updates to each state’s breach notification requirements. These changes may significantly impact breach response obligations for businesses operating in or … [Read more] about Key Breach Notification Updates in California and Oklahoma for 2026

California Enacts Digital Age Verification Law

By and

On October 13, 2025, California Governor Gavin Newsom signed Assembly Bill 1043, the Digital Age Assurance Act (Act), into law. Effective January 1, 2027, the Act introduces a device-based age verification system designed to create safer digital … [Read more] about California Enacts Digital Age Verification Law