Mar. 5, 2025

FTC Settlement Spotlights Security of APIs Proliferating Across the Internet

GoDaddy touted its web hosting services as “Ridiculously fast. Seriously secure.” The FTC found that statement deceptive because three breaches proved the company’s security was critically flawed and inadequate. Last month, the FTC’s settlement with GoDaddy included multiple requirements to secure application programming interfaces (APIs), which are the data gateways that have proliferated in an era of cloud-based applications and AI. This article examines noteworthy provisions in the GoDaddy settlement, discusses benchmarks for API security addressed in a Salt Labs survey published last week and offers fundamental API security steps that companies can consider. See “Restricting Super Users and Zombie IDs to Increase Cloud Security” (Jul. 31, 2024).

Navigating Evolving Mobile App Privacy Issues

The increase in data protection laws and regulatory focus, as well as the nature and amount of the data collected from users, requires mobile app developers to prioritize compliance. Distilling insights offered by Baker McKenzie and Sourcepoint during a February 2025 program, this article addresses the key privacy concerns associated with apps’ extensive and persistent data collection capabilities, especially as they relate to sensitive personal information. It also examines legal and regulatory developments concerning location and children’s data, and offers strategies for ensuring compliance with those developments, including in connection with data minimization, transparency, consent and managing third-party data disclosures. See “Crafting Effective Mobile Device Policies to Satisfy Regulatory Expectations” (Apr. 3, 2024).

The Algorithmic CCO: AI’s Role in Shaping the Future of Hedge Fund Governance

The financial services sector increasingly leverages AI-driven technologies to gain competitive advantages and meet the demands of rapidly evolving markets. By using AI tools for surveillance, analytics and reporting, firms can gain a proactive edge in managing compliance risks, ultimately strengthening investor confidence and protecting the integrity of the markets. This first installment in a two-part guest article series by Brian Meyer, a partner at AirGC, examines the evolving compliance governance landscape, current and emerging AI use cases in compliance, and potential regulatory challenges. The second article will discuss the shift in the skill set required of the modern CCO, practical steps for implementing AI in compliance functions and the future of AI in hedge fund governance. See “Transforming Security and Privacy Workloads With Generative AI: A Comprehensive Framework” (Feb. 19, 2025).

Former White House Official Joins Sidley’s Privacy and Cybersecurity Practice in D.C.

Sidley has welcomed Michael Hochman to its privacy and cybersecurity practice as a partner in Washington, D.C. He joins from the White House Office of the National Cyber Director, where he served as Chief of Staff for the past four years. For insights from Sidley, see our two-part series on emerging issues in workplace privacy: “Data Collected and Employees’ Perspectives” (Oct. 23, 2024), and “Regulations and Compliance Strategies” (Oct. 30, 2024); as well as “Meeting DOJ Expectations Post-Resolution Requires Realism and Accountability” (Oct. 16, 2024).