• |

    Oct. 15, 2025

New Duties Around Pseudonymized Data After E.U. Court Decision

The Court of Justice of the European Union recently issued a decision expanding obligations around handling of pseudonymized data, while clarifying that pseudonymized data is not always personal data – supporting the use of such data to train AI. This article, with insights from experts at Bird & Bird, Clifford Chance, Dentons and Jones Day, examines the practical implications of the decision’s key holdings around pseudonymous data, and discusses some of the outstanding uncertainties, anticipated regulatory guidance and how companies can prepare to update their practices. See “Managing Data Transfers After Latombe” (Oct. 8, 2025).

AI Regulation in South America and Practical Steps for Taking a Global Approach to AI Governance

The E.U.’s AI Act is not the only broad legislative regime governing deployment of AI. Nations around the world are applying existing legal and regulatory regimes to AI and adopting new laws and regulations – often founded on the same core principles underlying the E.U. AI Act. This article, distilling insights shared during a recent Strafford program by partners from Orrick and Veirano Advogados, examines the potential impact of pending national AI legislation in South America and provides 10 practical global AI governance action items. See “Benchmarking AI Governance Practices and Challenges” (May 7, 2025).

SEC Staff Discuss Regulation S‑P Amendments and Related Examination Processes

In anticipation of the December 3, 2025, deadline for large firms to comply with the SEC’s 2024 amendments to Regulation S‑P (Amendments), the regulator is holding a series of outreach events to promote compliance readiness. Furthering the SEC’s focus on “robust customer protection through strong compliance,” the Amendments are designed to ensure customers “have notice of [a] covered institution’s potential data breach and take steps to protect themselves if they choose,” said Keith Cassidy, acting Director of the SEC Division of Examinations (Exams) and National Associate Director of its Technology Controls Program, at the first of such events. This article synthesizes the key takeaways from the program, which included staff from Exams and the Divisions of Investment Management and Trading and Markets. See “What Regulated Companies Need to Know About the SEC’s Final Amendments to Regulation S‑P” (Jul. 24, 2024).

Former Texas AG Privacy Enforcer Joins Womble’s Privacy and Cybersecurity Practice in Houston

Womble Bond Dickinson has welcomed Tyler Bridegan as a partner in the firm’s privacy and cybersecurity practice and as a member of its AI and machine learning team in Houston. He joins from the Texas AG’s Office, where he served as Director of Privacy and Technology Enforcement. For commentary from Bridegan, see “State AG Representatives Disclose AI Regulatory and Enforcement Outlook” (Oct. 8, 2025); and “FTC and State Enforcers Reveal What’s Next and What to Do About It” (Oct. 2, 2024). For insights from Womble, see “U.K. Equifax Fine Calls for Stricter Parent-Subsidiary Data-Sharing Processes” (Oct. 25, 2023); and “How Colonial Pipeline Changed Advice on Ransomware Preparation and Response” (Apr. 6, 2022).

Most-Read Articles

Women to Watch: Contributions, Achievements and Observations of Outstanding Female Professionals

To mark International Women’s Day, women editors and reporters at ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Law Report Group editors Jill Abitbol, Robin L. Barton and Megan Zwiebel profile notable women in data privacy, cybersecurity, private funds and anti-corruption law, including Anne-Gabrielle Haie, Jessica Lee, Micaela McMurrough, Laura Perkins, Amanda Raad, Madelyn Calabrese, Ranah Esmaili and Genna Garver. Enjoy reading their inspiring remarks here.

Celebrating Data Privacy Day 2025

Read the full brief here.

Cybersecurity Awareness Month

Read the full brief here.