For years, federal cyber policy has been based on successful public-private partnerships, collaboration, and the promotion of voluntary standards that can be tailored to sector and organization-specific risk and needs....more
1/16/2023
/ Critical Infrastructure Sectors ,
Customer Proprietary Network Information (CPNI) ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Framework ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Disclosure Requirements ,
Emerging Technology Companies ,
Federal Trade Commission (FTC) ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
NDAA ,
Popular ,
Regulatory Agencies ,
Risk Management ,
Securities and Exchange Commission (SEC)
On January 6, 2023, the Federal Communications Commission (FCC or Commission) released its Data Breach Reporting Requirements NPRM (NPRM) after adopting the item by a 4-0 vote on December 28, 2022. This long-awaited NPRM...more
On January 5, 2023, the Federal Trade Commission (FTC or Commission) released a Notice of Proposed Rulemaking (NPRM) that seeks to ban employers from imposing or enforcing non-compete clauses on workers. The FTC’s proposed...more
On December 15, 2022, Congress passed the James M. Inhofe National Defense Authorization Act for Fiscal Year (FY) 2023 (NDAA or Act), which President Biden is expected to sign into law soon. The NDAA contains numerous...more
WHAT: Congress is advancing the final version of the National Defense Authorization Act (NDAA) for Fiscal Year 2023 (FY 2023). With provisions similar to Section 889 of the FY 2019 NDAA, Section 5949 of the FY 2023 NDAA...more
On November 25, 2022, the Federal Communications Commission (FCC or Commission) released a Report & Order, Order, and Further Notice of Proposed Rulemaking (R&O, Order, and FNPRM; collectively, the Item) that makes...more
Most of the world’s popular telecommunications services, like social media platforms and message services, operate within the United States, but many operate overseas as well. Law enforcement in the United States and...more
On September 29, 2022, the Federal Insurance Office (FIO) of the Department of the Treasury published a Request for Comment (RFC) related to cyber insurance and catastrophic cyber incidents....more
The Supreme Court’s OT 2022 docket is shaping up to be another significant term. Although the Court will continue to take up more petitions in the coming months, its current docket is already poised to have significant...more
10/6/2022
/ Certiorari ,
Communications Decency Act ,
Consumer Privacy Rights ,
Data Security ,
Federal Trade Commission (FTC) ,
Google ,
Privacy Laws ,
SCOTUS ,
Section 230 ,
Social Media ,
Technology Sector
At this week’s #MWC22, cybersecurity has been a major focus. Several panels were dedicated to exploring timely cybersecurity issues, including new and growing threat vectors; innovative industry advancements in cybersecurity;...more
On August 29, 2022, the Maryland Court of Appeals issued its opinion in Richardson v. Maryland, expanding the protection of the Fourth Amendment for subjects of criminal investigations whose cell phones are subject to a...more
NIST continues to work on several cybersecurity and privacy workstreams of interest to the private sector. While NIST has traditionally supported federal agencies’ IT security, over the past several years it has taken on (and...more
On September 15, 2022, California Governor Newsom announced his signing of A.B. 2273, the California Age-Appropriate Design Code Act, which the legislature passed on August 30. The law – modeled after the United Kingdom...more
9/19/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
COPPA ,
Data Profiling ,
Governor Newsom ,
New Legislation ,
Online Advertisements ,
Privacy Settings ,
Targeted Digital Advertising ,
Transparency ,
UK
In 2021, Congress created a new cyber leadership position within the White House, enacting a suggestion from the Cyberspace Solarium Commission, to develop a new Office of the National Cyber Director (ONCD). ...more
Congress has directed the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) to create broad new rules for mandatory cyber incident reporting to be imposed on critical...more
On August 11, 2022, the Federal Trade Commission (FTC) issued an Advance Notice of Proposed Rulemaking (ANPR), titled “Trade Regulation Rule on Commercial Surveillance and Data Security”. The wide-ranging ANPR seeks feedback...more
9/19/2022
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Data Management ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
GLBA Privacy ,
Privacy Legislation ,
Right to Delete ,
Surveillance ,
Targeted Digital Advertising
On August 30, 2022, the California Legislature passed A.B. 2273, the California Age-Appropriate Design Code Act. The bill – which is modeled after the United Kingdom Information Commissioner’s Office code of practice for age...more
9/1/2022
/ Algorithms ,
California ,
California Consumer Privacy Act (CCPA) ,
COPPA ,
Data Profiling ,
Data Protection ,
Marketing ,
Online Advertisements ,
Privacy Settings ,
Private Right of Action ,
UK
On July 29, 2022, the New York Department of Financial Services (DFS) released Draft Amendments to its Part 500 Cybersecurity Rules. These changes are open for a preliminary public comment until August 18, and then an...more
8/17/2022
/ Chief Information Security Officer (CISO) ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Financial Institutions ,
Financial Services Industry ,
Multi-Factor Authentication ,
New York ,
Popular ,
Proposed Amendments ,
Securities and Exchange Commission (SEC)
On August 11, 2022, the Consumer Financial Protection Bureau (CFPB) published a Circular stating that the failure of financial institutions, including nonbank financial firms such as fintech companies and credit reporting...more
On August 11, 2022, the Federal Trade Commission (FTC) released its much anticipated advance notice of proposed rulemaking (ANPR), titled “Trade Regulation Rule on Commercial Surveillance and Data Security.” The ANPR is the...more
8/12/2022
/ Administrative Procedure Act ,
Advanced Notice of Proposed Rulemaking (ANPRM) ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Communications Decency Act ,
Consent ,
Consumer Financial Products ,
Corporate Counsel ,
Data Collection ,
Data Security ,
Federal Register ,
Federal Trade Commission (FTC) ,
FTC Act ,
Surveillance ,
Transparency ,
Unfair or Deceptive Trade Practices
At its July Open Commission meeting, the Federal Communications Commission’s (FCC or Commission) voted to approve a Notice of Apparent Liability for Forfeiture (NAL) against Thomas Dorsher, ChariTel Inc, OnTel Inc, and...more
7/20/2022
/ Arbitrage ,
Consent ,
FCC ,
Notice of Apparent Liability (NAL) ,
Piercing the Corporate Veil ,
Public Announcements ,
Robocalling ,
Scams ,
TCPA ,
Toll-Free Numbers ,
Willful Violations
This term, in West Virginia v. EPA, the U.S. Supreme Court held that the U.S. Environmental Protection Agency (EPA) could not compel a nationwide shift away from coal-powered electricity generation. The Court reasoned that it...more
Account security and digital identity have been hot topics for regulators and at the National Institute of Standards and Technology (NIST). The government has been promoting multifactor authentication (MFA) and innovation in...more
7/1/2022
/ Authentication ,
Consumer Privacy Rights ,
Cybersecurity ,
Email ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Multi-Factor Authentication ,
NIST ,
Online Advertisements ,
Passwords ,
Personal Information ,
Privacy Policy ,
Social Media
Megan Brown sits down with Christopher Roberti, Senior Vice President for Cyber, Intelligence, and Supply Chain Security Policy, U.S. Chamber of Commerce. Are cyber public private partnerships obsolete? What should the...more
The headlines scream: “FBI made 3.4M warrantless U.S. data searches,” claiming that the FBI carried out nearly 3.4 million warrantless searches of Americans’ electronic data that was collected as part of the government’s...more