The Cybersecurity Information Sharing Act of 2015 (CISA 2015) expired on September 30, 2025, after Congress missed the reauthorization deadline. That lapse removes the decade-old legal framework that encouraged and protected cyber threat information sharing among companies, Information Sharing and…| Data Protection Report
Happy October and Cyber Awareness Month! While October ends with ghosts and goblins and other scary monsters for Halloween, the entire month of October is| Data Protection Report
On September 23, 2025, Italy adopted Law no. 132/2025 on Artificial Intelligence (AI). The law will enter into force on 10 October 2025 and aims, inter alia, to complement the Regulation EU 2024/1689 (EU AI Act). Continue reading Continue Reading| Data Protection Report
The Cybersecurity Information Sharing Act of 2015 (CISA 2015) expired on September 30, 2025, after Congress missed the reauthorization deadline. That lapse removes the decade-old legal framework that encouraged and protected cyber threat information sharing among companies, Information Sharing and Analysis Organizations and Centers (ISAOs/ISACs), and the federal government. In practical terms, the lapse of... Continue Reading| Data Protection Report
In a significant regulatory development, the Cyberspace Administration of China (CAC) has officially issued the Measures for the Administration of National Cybersecurity Incident Reporting (the Final Reporting Measures), which will take effect on 1 November 2025. This follows the release of a draft version in late 2023 and marks the first comprehensive, cross-sector regulation governing... Continue Reading| Data Protection Report
On September 1, 2025, Texas amended its telephone solicitation law to include text messages and to add several new requirements, including a registration| Data Protection Report
The Court of Justice of the European Union (CJEU) has delivered its judgment on case C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board (SRB). The CJEU has confirmed that pseudonymised data will not be personal data in all cases. This will be a welcome confirmation for innovative uses of data, including training AI models. The question... Continue Reading| Data Protection Report
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) (Dutch DPA) recently published a report on personal data breaches, which provides valuable insights into the Dutch DPA’s views on incident response. It also contains some helpful statistics. Increase in follow-up action by the Dutch DPA It is clear from the report that the Dutch DPA is still... Continue Reading| Data Protection Report
Financial regulators globally emphasise the importance of financial entities being operationally resilient, which includes the ability to manage and recover from disruptions caused by their service providers. The topic receives significant attention in the financial services sector because the sector is regulated, with the aim of promoting financial system stability. Continue reading Continue Reading| Data Protection Report
Agentic AI brings the promise of AI making a range of decisions autonomously. It has been proposed as the way forward for some of the most impactful| Data Protection Report
Several U.S. states have recently introduced and passed legislation to expand data breach notification rules and to mirror some of the protections| Data Protection Report
On August 14, 2025, the New York Department of Financial Services (“NYDFS”) entered into a consent order with Healthplex, Inc, (“Healthplex”), which is licensed by NYDFS as an independent claims adjuster and as a life and/or accident health insurance agent. In the consent order, Healthplex agreed to pay NYDFS $2 million and to change some... Continue Reading| Data Protection Report
On July 24, 2025, the California Privacy Protection Agency (CPPA) approved regulations that would impose a new requirement under the California Consumer| Data Protection Report
As organisations continue with their roll-out of AI, the global regulatory landscape is becoming increasingly complex. AI-specific laws like| Data Protection Report
On June 13, 2024, the California Attorney General announced a $6.75 million judgment against Blackbaud regarding its data breach from 2020. (We had| Data Protection Report
On August 13, 2024, the New York Attorney General announced a settlement agreement, along with the Attorneys General of Connecticut and New Jersey, with| Data Protection Report
On 16 July 2024, the Malaysian Dewan Rakyat (House of Representatives of the Malaysian Parliament) passed the Personal Data Protection (Amendment) Bill| Data Protection Report
