We hope you have read about the reporting on potential ransomware attacks on US hospitals and perhaps other health care providers. If you have not, please review this guidance from the government agencies involved in this...more
In September, the California Attorney General (the “AG”) reached a settlement with Glow, Inc. (“Glow”), a technology company that is responsible for an ovulation and fertility-tracking mobile application called the Glow app....more
The Coronavirus Aid, Relief, and Economic Security (“CARES”) Act, signed into law on March 28, contains important relief authority for federal contractors affected by the COVID-19 pandemic. Specifically, Section 3610 of the...more
On February 27, 2020, the Cybersecurity Unit of the Justice Department’s Computer Crime and Intellectual Property Section released a guidance document addressing “Legal Considerations when Gathering Online Cyber Threat...more
The US Department of the Treasury recently published for public comment two proposed regulations that will expand the jurisdiction of the Committee on Foreign Investment in the United States (CFIUS) and make substantive...more
9/27/2019
/ CFIUS ,
Covered Transactions ,
Critical Infrastructure Sectors ,
Cross-Border Transactions ,
Export Controls ,
FIRRMA ,
Foreign Investment ,
Proposed Regulation ,
Proposed Rules ,
Public Comment ,
Real Estate Transactions ,
U.S. Treasury
On May 15, 2019, President Trump issued an Executive Order (EO) declaring a national emergency and paving the way for a ban on the use of Huawei equipment and services in U.S. telecommunication networks. On the same day, the...more
5/17/2019
/ Bureau of Industry and Security (BIS) ,
China ,
Executive Orders ,
Exports ,
General Licenses ,
Imports ,
National Security ,
Savings Clause ,
Supply Chain ,
Telecommunications ,
Trade Relations ,
Trump Administration ,
U.S. Commerce Department ,
US Trade Policies
On October 10, 2018, the US Department of the Treasury launched a significant pilot program to implement part of the Foreign Investment Risk Review Modernization Act (FIRRMA) while final rules are being crafted. The pilot...more
10/17/2018
/ CFIUS ,
Federal Pilot Programs ,
Filing Requirements ,
FIRRMA ,
Foreign Investment ,
ITAR ,
National Security ,
NDAA ,
New Regulations ,
Trump Administration ,
U.S. Treasury
On August 1, 2018, the Senate passed the National Defense Authorization Act for Fiscal Year 2019 (NDAA). The House of Representatives passed the same bill last week, and it will now go to the President for his signature....more
Despite generally favorable macroeconomic conditions, high levels of cash among strategic acquirers and low interest rates, the number of reported M&A transactions and deal value worldwide both declined for the second...more
On April 24, 2018, the Securities and Exchange Commission announced a settled enforcement proceeding against Altaba Inc. (formerly known as Yahoo! Inc.) arising out of data breaches suffered by Yahoo in 2014, 2015 and 2016....more
Cybersecurity is one of the highest priority issues for public company executives and directors. This note shares our views—developed over our involvement in the aftermath of many cybersecurity events as well as counseling on...more
On February 21, 2018, the Securities and Exchange Commission (SEC) approved an interpretive release updating guidance on public company disclosure and other obligations concerning cybersecurity matters. The interpretive...more
Under the Department of Defense (DoD) final Defense Federal Acquisition Regulation Supplement (DFARS) rule on Network Penetration Reporting and Contracting for Cloud Services, DoD contractors maintaining, processing, or...more
On May 11, President Trump signed his long-awaited Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” Much of the Order mandates efforts to improve the government's own...more
Several media organizations this week published a pre-release copy of the report of the Health Care Industry Cybersecurity Task Force established pursuant to the Cybersecurity Act of 2015. The report, written by a 21-member...more
On February 16, the New York State Department of Financial Services (NYDFS) issued cybersecurity regulations for banks, insurance companies and other financial institutions subject to NYDFS jurisdiction. ...more
On Thursday, December 1, the nonpartisan Commission on Enhancing National Cybersecurity, established pursuant to an Executive Order in February, issued its report, outlining more than 50 recommendations for the next...more
The Standing Committee of China's National People's Congress (NPC) adopted the country's Cybersecurity Law1 on November 7—the latest in a spate of national security-related measures targeting the ICT industry. Drafts of the...more
On October 21, 2016, the Department of Defense (DoD) issued its final rule on Network Penetration Reporting and Contracting for Cloud Services, amending an interim version issued on August 26, 2015, and revised on December...more
Yesterday, the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (Fed), and the Federal Deposit Insurance Corporation (FDIC) issued a joint advanced notice of proposed rulemaking (ANPRM) seeking...more
The Privacy Shield framework is a voluntary program that provides companies with a mechanism for complying with EU data protection requirements when transferring personal data from the EU to the US. The framework is open to...more
The European Commission formally adopted the EU-US Privacy Shield on July 12, 2016, ending months of legal uncertainty with a new framework for governing transatlantic data transfers after the Privacy Safe Harbor framework...more
7/13/2016
/ Data Protection Authority ,
Data Retention ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Personal Data ,
Privacy Policy ,
Self-Certification ,
Surveillance ,
Third-Party ,
U.S. Commerce Department
In its latest report to Congress, the Committee on Foreign Investment in the United States (CFIUS), the US government's interagency body that vets foreign investment with national security implications, reported that it...more
6/6/2016
/ Acquisitions ,
Annual Reports ,
Canada ,
CFIUS ,
China ,
Critical Infrastructure Sectors ,
Defense Sector ,
Divestment ,
Due Diligence ,
Foreign Investment ,
Japan ,
National Security ,
Supply Chain ,
UK
On May 16, 2016, the Federal Acquisition Regulations (“FAR”) Council published the final FAR rule on Basic Safeguarding of Contractor Information Systems. The rule is intended to prescribe “the most basic level” of...more
Legal Framework -
Summarise the main statutes and regulations that promote
cybersecurity. Does your jurisdiction have dedicated
cybersecurity laws?
The United States generally addresses cybersecurity...more
3/7/2016
/ Cloud Computing ,
Computer Fraud and Abuse Act (CFAA) ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Act of 2015 ,
Data Protection ,
DFARS ,
DMCA ,
ECPA ,
Federal Trade Commission (FTC) ,
FERC ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
PCI-DSS Standard ,
Popular ,
Risk Management ,
Sarbanes-Oxley ,
State Data Breach Notification Statutes