Overview
On October 21, 2025, the New York State Department of Financial Services (NYDFS) released comprehensive guidance for registrants regarding management of cybersecurity risks associated with third-party service providers (TPSPs) including cloud computing, file transfer system, AI and fintech solutions.[1] As reliance on external vendors for critical technology services grows, so too do the
With Halloween lurking around the corner and as National Cybersecurity Awareness Month comes to a close, the McGuireWoods Data Privacy & Cybersecurity Practice Group reminds you to not wait to be spooked by a cybersecurity incident or haunted by the task of maintaining your cybersecurity program.
Today’s threat landscape is rapidly changing and accelerated evermore
In a significant step toward strengthening consumer privacy protections, the California Privacy Protection Agency (CPPA) board has officially adopted a comprehensive set of updates to the California Consumer Privacy Act (CCPA) regulations. These long-anticipated regulations—covering cybersecurity audits, risk assessments, and automated decision-making technology (ADMT)—mark a pivotal shift in the state’s data privacy enforcement landscape.
Amazon’s recent announcement to invest at least $20 billion in cloud computing and AI data center campuses across Pennsylvania — a record‑breaking private investment in the state — marks a turning point in digital infrastructure build-out. Spanning sites in Luzerne and Bucks counties, the project promises 1,250 full‑time roles and thousands more in construction, while pairing
In response to increased cybersecurity threats and significant regulatory enforcement actions, on Dec. 27, 2024, the Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking seeking to enhance cybersecurity protections under the Security Rule implemented pursuant to the Health Insurance Portability and Accountability Act of 1996. While the proposed rule is
Investing in artificial intelligence (AI) companies has become a riskier and more involved process than in previous years. Companies need new processes and tools to follow the more stringent AI regulations that are on the horizon (at least in Europe and the United States). Regulators are discussing how best to structure AI regulations in order
The technology sector runs the gamut from artificial intelligence (AI), the Internet of Things (IoT) to SaaS companies or cybersecurity, and from the biggest household names to the smallest companies being operated out of garages. The rise of AI and traps for the unwary were previously covered here. Risks of investing in SaaS Solutions
Artificial intelligence (AI) refers to the ability of a computer or a computer-enabled robotic system to process information and produce outcomes in a manner similar to the thought processes of humans in learning, decision making and problem solving. As a result of rapid advances in AI, pre-pandemic, McKinsey Global Institute estimated that between 75 and
Recent cyber-attacks hurt individuals and investors on a regular basis. Recent attacks have cost hundreds of millions of dollars. Firms that have dismissed the dangers are increasingly at risk of regulatory action. New European laws will likely increase fines for non-compliance with cyber-security standards. New York’s financial regulator recently enacted new cyber-security rules in August.