Privacy & Information Security Law Blog

On March 27, 2025, the Information Commissioner's Office announced that it had issued a fine against Advanced Computer Software Group for £3.07 million for non-compliance with security rules identified through an investigation following a ransomware attack.

On March 28, 2025, the Cyberspace Administration of China issued draft amendments to the Cybersecurity Law for public comment.

On March 24, 2025, Virginia Governor Glenn Youngkin asked the Virginia state legislature to strengthen the protections provided in a bill passed by the legislature earlier this month that imposes significant restrictions on minors’ social media use.

On March 24, 2025, Virginia Governor Youngkin signed into law S.B. 754, amends the Virginia Consumer Protection Act (“VCPA”), to prohibit the collection, disclosure, sale or dissemination of consumers’ reproductive or sexual health data without consent.

On March 18, 2025, NetChoice filed a lawsuit seeking to enjoin a Louisiana law, the Secure Online Child Interaction and Age Limitation Act, from taking effect this July.

On March 25, 2025, Virginia Governor Glenn Youngkin vetoed the High-Risk Artificial Intelligence Developer and Deployer Act, which had been passed by the Virginia legislature. The Act would have imposed accountability and transparency requirements with respect to the development and deployment of “high-risk” AI systems.

On March 21, 2025, the Cyberspace Administration of China and the Ministry of Public Security jointly released the Security Management Measures for the Application of Facial Recognition Technology, which will become effective on June 1, 2025.

Hunton is pleased to host the first of its Technology Forum roadshows in Cleveland, Ohio, on May 14, 2025. Join us as we bring together industry professionals in privacy, technology and procurement for a half-day program to discuss the hottest topics facing businesses today.

On March 18, 2025, the European Commission proposed to adopt an extension of the two adequacy decisions with the UK for a period of six months. 

On March 15, 2025, Kentucky Governor Andy Beshear signed into law a bill amending the Kentucky Consumer Data Protection Act to exempt from the law’s application certain data subject to HIPAA.