Data Privacy & Cybersecurity

In a May 6 webinar, GT Shareholders Jena M. Valdetero and Reena Bajowala will draw on lessons from thousands of real-world data breaches to help legal and business teams build stronger cyber incident response strategies. Register now.

Continue Reading May 6 WEBINAR | Cyber Incident Response: Lessons Learned From Thousands of Breaches

With its Russmedia judgment (C-492/23, Grand Chamber, 2 December 2025), the Court of Justice of the European Union (CJEU or Court) fundamentally reshapes how online marketplaces and other platforms hosting user-generated content must approach data protection compliance.
Continue Reading CJEU’s Russmedia Decision Expands Platform Controller Duties Under GDPR

Data brokers who offered brokerage services in California in 2025 must register or re-register their status with the state’s data broker registry by Jan. 31, 2026. 

In-scope companies that fail to do so may be liable for administrative fines or even reasonable expenses incurred by the CalPrivacy regulator in investigating and bringing an administrative action

Please join Greenberg Traurig and San Francisco shareholders Darren J. Abernethy and Gretchen A. Ramos on Dec. 10, 2025, for a CLE reviewing the key activities from this year in the world of data privacy and reading the tea leaves for what in-house counsel teams may expect for next year, with a focus on practical action items for businesses.
Continue Reading ACC Webinar: Getting Ready for 2026 – Data Privacy Compliance Priorities

The last remaining provisions of the amendments to the New York Department of Financial Services’ (DFS) cybersecurity regulation called Part 500 came into effect Nov. 1, 2025.

Continue Reading NYDFS Final Cybersecurity Rules – MFA, Asset Inventory, and Third-Party Risk

On Oct. 28, 2025, please join Greenberg Traurig and leaders from its Chambers USA Band 1 Retail Industry Group and Privacy & Cybersecurity Practice, along with a legal director from Scott’s Company LLC, for a CLE exploring the evolving landscape of data privacy and security laws and their impact on in-house legal teams.

This expert

Starting Nov. 10, 2025, contractors and subcontractors handling controlled unclassified information (CUI) may be required to have a current CMMC Level 2 self-assessment for new contracts and option exercises involving CUI.
Continue Reading Recapping CMMC Level 2: Considerations for Government Contractors

Cybersecurity month starts with a critical compliance date for the Department of Justice (DOJ)’s Data Security Program (DSP). Starting on Oct. 6, any U.S. person or company handling Americans’ bulk sensitive or personal data or U.S. government-related data must implement a written data compliance program that lays out specified due diligence, audit, reporting, and recordkeeping processes for covered data transactions.
Continue Reading Incoming Deadlines and Requirements for DOJ’s Data Security Program on Oct. 6, 2025

On Sept. 23, 2025, the California Privacy Protection Agency (CPPA) announced that the state’s Office of Administrative Law (OAL) had formally approved the CPPA’s wide-ranging package of revised and new California Consumer Privacy Act (CCPA) regulations.
Continue Reading Revised and New CCPA Regulations Set to Take Effect on Jan. 1, 2026 – Summary of Near-Term Action Items