Insights Search

On February 11, Michael Kurzer, partner in our Technology Transactions & Intellectual Property group along with Kevin Szczepanski, Co-Chair of the Data Security & Technology Practice Area at Barclay Damon join Jill Malandrino on Nasdaq TradeTalks to discuss cybersecurity litigation trends on the state and federal levels and what that means for corporate compliance amid rising cyber threats and evolving regulations.

Driven by the demand for AI-ready cloud infrastructure, the market cap for global data center construction, currently valued at more than $250 billion, is set to double in less than ten years, reaching half a trillion dollars by 2034.

On January 13, 2025, Texas Attorney General Ken Paxton (“Texas AG”) filed the first-ever enforcement action under the Texas Data Privacy and Security Act (“TDPSA”) against insurance company Allstate and its subsidiary, Arity (collectively, “Defendants”).

On November 7, 2024, the Transportation Security Administration (the “TSA”) published a Notice of Proposed Rulemaking (the “Proposed Rule”) that would mandate cyber risk management (“CRM”) and reporting requirements for certain surface transportation owners and operators, including certain pipeline, freight railroad, passenger railroad, rail transit, and over-the-road bus owners and operators.

On January 13, 2025, the Securities and Exchange Commission (“SEC”) filed a settled enforcement action against Ashford Inc. (“Ashford” or “the Company”), a company that provides products and services to the real estate and hospitality industries, for making false and misleading disclosures about a cybersecurity incident that exposed sensitive hotel customer information.

Proposed cybersecurity regulation may face changes or challenges in view of the incoming Trump administration that is intent on reducing the perceived regulatory burden on American companies and streamlining government operations. Still, the incoming administration is not likely to dismiss the importance of cybersecurity for the nation, but will aim to balance the need for collaboration and awareness with the reasonable demands on the private sector.

This program provided an update on emerging threats, security tools to mitigate those threats, and walk step-by-step through a recent ransomware attack.

On October 15, 2024, the Department of Defense (“DoD”) released its final rule (the “Final Rule”) formally establishing the Cybersecurity Maturity Model Certification (“CMMC”) program, nearly three years after first announcing its plan for the initiative.

On November 14, Vinson & Elkins hosted an Energy Regulatory Conference in its Houston office.

Welcome to Vinson & Elkins’ Securities and ESG Updates.

On July 30, 2024, Meta Platforms, Inc. (formerly known as Facebook, Inc.) agreed to pay $1.4 billion to the State of Texas to settle a lawsuit alleging that Meta unlawfully captured and used biometric identifiers of millions of Texans without their consent.

The Texas Data Privacy and Security Act (“TDPSA” or the “Act”) came into effect on July 1, 2024.