Privacy & Information Security Law Blog

The California Privacy Protection Agency recently released modified draft regulations in response to public feedback on its proposed updates to the California Consumer Privacy Act regulations.

On April 8, 2025, the Department of Justice’s Final Rule restricting the bulk transfer of sensitive U.S. personal and government data to certain countries and persons of concern went into effect.

The Centre for Information Policy Leadership at Hunton recently released a white paper on Privacy-Enhancing and Privacy-Preserving Technologies in AI: Enabling Data Use and Operationalizing Privacy by Design and Default. CIPL is hosting a webinar on the key themes of the Paper on April 29, 2025.

On April 1, 2025, the UK government published the Cyber Security and Resilience Policy Statement, which details the UK government’s legislative proposals for the Cyber Security and Resilience Bill.

On March 24, 2025, the U.S. National Institute of Standards and Technology published a report titled “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations.”

On March 27, 2025, the Information Commissioner's Office announced that it had issued a fine against Advanced Computer Software Group for £3.07 million for non-compliance with security rules identified through an investigation following a ransomware attack.

On March 28, 2025, the Cyberspace Administration of China issued draft amendments to the Cybersecurity Law for public comment.

Update: On April 2, 2025, the Virginia legislature declined to adopt Governor Youngkin’s amendments to S.B. 854, and returned the bill back to the Governor for consideration.

On March 24, 2025, Virginia Governor Glenn Youngkin asked the Virginia state legislature to strengthen the protections provided in a bill passed by the legislature earlier this month that imposes significant restrictions on minors’ social media use.

On March 24, 2025, Virginia Governor Youngkin signed into law S.B. 754, amends the Virginia Consumer Protection Act (“VCPA”), to prohibit the collection, disclosure, sale or dissemination of consumers’ reproductive or sexual health data without consent.

On March 18, 2025, NetChoice filed a lawsuit seeking to enjoin a Louisiana law, the Secure Online Child Interaction and Age Limitation Act, from taking effect this July.