Multi‑factor authentication (MFA) is now a well-established baseline cybersecurity control. The amended New York Department of Financial Services (NY DFS) solidified that understanding and expanded MFA requirements under 23 NYCRR Part 500 (the NY DFS
On 9 February 2026, the Commission Nationale de l’Informatique et des Libertés (CNIL) published its 2025 report on its enforcement action. Beyond the €487 million – in cumulative fines – largely driven (unsurprisingly) by two sanctions related to cookies, another
On January 1, 2026, the California Privacy Protection Agency’s (“CalPrivacy”) cybersecurity audit regulations (the “Regulations”) took effect after several years of rulemaking and public comment. As previewed in the Data Protection Report, certain businesses subject to the California Consumer
Earlier this year, the Attorneys General of Massachusetts and Connecticut entered into settlement agreements with Comstar, LLC, an ambulance billing firm, relating to alleged HIPAA regulation violations in connection with a ransomware incident. Comstar is a business associate under HIPAA
Introduction
The latest developments in the Middle East – marked by a significant surge in military activity and retaliatory strikes across the region – have been accompanied by a parallel intensification of cyber operations.
It is common in such situations
We recently drafted an article that discussed court decisions that reached very different conclusions about how the attorney-client privilege and work product doctrine apply to materials submitted to and created by generative AI (GenAI) tools. A recent decision from the