Key Takeaways

• The SEC’s agreement with defendants to dismiss, with prejudice, its case against SolarWinds Corporation (SolarWinds) and its chief information security officer (CISO) signals a retreat from aggressive, novel enforcement theories in cybersecurity disclosure cases.
• Although technical cybersecurity violations without investor harm

The Federal Trade Commission and Utah Attorney General recently announced a settlement with Aylo Group Ltd.

Congress included in the appropriations bill of November 12, 2025, an extension of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), 6 U.S.C. §§ 1501–10, through January 30, 2026. 

Congress members have proposed legislation that would introduce new measures to enhance the United States’ cybersecurity resilience in the face of advancing quantum computing capabilities.

On September 23, 2025, the California Privacy Protection Agency confirmed that their cyber audit regulations will at long last go into effect on January 1, 2026. 

You can be forgiven for losing track since these were first proposed in September 2023, but now is the time to start considering how they will apply to your company and budgeting for that impact. 

State Updates, Security Mandates, and the Federal Regulatory Horizon

The U.S. Department of Justice (DOJ) “Data Security Program” (DSP), also known as the “Sensitive Data Rule” or “Bulk Data Rule,” has prompted numerous questions about its scope and application. 

Key Takeaways

• Multiple agencies of the U.S.

The Connecticut Governor signed SB 1295 into law on June 25, 2025, again amending the Connecticut Data Privacy Act (CTDPA). 

Roughly six months since Andrew Ferguson became Chairman of the Federal Trade Commission, an FTC workshop on children’s privacy and online safety has provided a glimpse into the agency’s approach to these issues.

Perkins Coie partner Janis Kestenbaum says the FTC is keeping the pressure on strong consumer protection enforcement despite the Trump administration’s deregulatory agenda.