On November 10, 2025, New York’s disclosure law on algorithmic pricing went into effect. This post will describe the law, a recent federal court case, and some potential effects, using precise geolocation data as an example.
The law
The law
Many data breaches occur not at the company that controls or owns the data, but rather at the company’s third-party service providers or vendors. Regulators have noticed and have begun placing emphasis on a company’s obligation to monitor its service
Happy e-Discovery Day! On December 4, 2025, legal professionals around the globe will unite to celebrate e-Discovery Day, a day where we honor the pivotal 2006 amendments to the Federal Rules of Civil Procedure (FRCP) that marked a turning point
This blog post includes headline points on new obligations for the data centre sector proposed under the Cyber Security and Resilience Bill, and existing obligations under the NIS Regulations.
The Cyber Security and Resilience Bill proposes changes to the UK’s NIS Regulations. Without a ‘Keeling Schedule’ marking up the amendments, these can be difficult to track. We have prepared a mark-up reflecting the proposed changes.
On November 18, 2025, companies had another opportunity to test their resiliency when connectivity and security provider Cloudflare had an outage of about four hours, which resulted in several popular websites going offline while others managed to provide some services
The Cybersecurity Information Sharing Act of 2015 (CISA 2015) has been temporarily reauthorized as part of the broader legislation passed on November 12, 2025, to reopen the federal government. Under the appropriation legislation, CISA 2015 is now reauthorized until January
The EU Commission recently held a call for evidence on “simplification” of legislation in the data, cybersecurity, and AI space, ahead of a “Digital Omnibus” Act. These changes look to make the EU’s digital rulebook more innovation-friendly, supporting the Commission’s
California recently signed into law Senate Bill No. 446, which amends its data breach notification law, Section 1798.82 of the Civil Code, to require covered companies to notify affected California residents within 30 calendar days of discovery of the data
On October 21, 2025, the New York Department of Financial Services (NYDFS) issued guidance to help licensees comply with its cybersecurity regulation. The non-exclusive checklists may be of interest to companies not licensed by NYDFS and even those not