Welcome to the July 2025 edition of the Jenner & Block Japan Newsletter, a publication containing updates about legal developments in the United States that may be noteworthy to our clients and other leaders in the Japanese...more
7/22/2025
/ Arbitration ,
Consumer Financial Protection Bureau (CFPB) ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Delaware ,
Employer Liability Issues ,
Employment Contract ,
EU ,
Foreign Corrupt Practices Act (FCPA) ,
International Arbitration ,
Non-Compete Agreements ,
Patent Litigation ,
Patents ,
Trade Secrets ,
Trademark Litigation ,
Trademarks ,
Trump Administration
On April 8, 2025, the US Department of Justice’s National Security Division’s final rule regulating sensitive data about US persons came into effect. DOJ also announced a 90-day grace period on enforcement. At a moment of...more
On June 6, 2025, President Donald J. Trump signed a new executive order on “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144” (“Trump Cyber EO”),...more
6/12/2025
/ Amended Legislation ,
Biden Administration ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Domain Names ,
Encryption ,
Executive Orders ,
FedRAMP ,
Legislative Agendas ,
NIST ,
Popular ,
Software ,
Trump Administration
The SEC recently announced the creation of a Cyber and Emerging Technologies Unit (CETU) that will focus on fraudulent conduct in cybersecurity, digital assets, and emerging technologies such as artificial intelligence. For...more
On January 16, 2025, former President Biden issued the Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity (the EO). The EO directs various parts of the federal government to adopt a...more
1/24/2025
/ Biden Administration ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
OMB ,
Regulatory Reform ,
Software
The SEC’s high-profile litigation against SolarWinds and its Chief Information Security Officer (CISO), Timothy G. Brown, reached a critical turning point on July 18, 2024, when a district court in the Southern District of...more
The SEC’s Director of Corporation Finance, Erik Gerding, recently issued two statements regarding a public company’s disclosure obligations in response to a cybersecurity incident. These remarks follow the adoption of the...more
6/27/2024
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement ,
Form 8-K ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
SolarWinds ,
Technology
The SEC’s high-profile litigation against SolarWinds and its Chief Information Security Officer (CISO), Timothy Brown, reached a critical juncture on May 15, 2024, when the parties presented oral arguments before Judge Paul...more
On May 7, 2024, the White House Office of the National Cyber Director (ONCD) released several reports on the United States’ cybersecurity posture and strategic plan. These documents implement the 2023 National Cybersecurity...more
5/15/2024
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Legislative Agendas ,
New Legislation ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Strategic Planning
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), an operational component of the Department of Homeland Security (DHS), posted for public inspection its long-anticipated notice of proposed...more
4/3/2024
/ Covered Entities ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Retention ,
Enforcement ,
Information Sharing ,
New Rules ,
Proposed Rules ,
Recordkeeping Requirements ,
Reporting Requirements
On February 28, 2024, President Biden issued Executive Order 14117 on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (the EO). The EO empowers...more
3/7/2024
/ Biden Administration ,
Cross-Border Transactions ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Brokers ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Executive Orders ,
National Security ,
Office of Foreign Assets Control (OFAC) ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Sensitive Personal Information
On February 26, 2024, the National Institute of Standards and Technology (NIST), an agency within the U.S. Department of Commerce, released Version 2.0 of its Cybersecurity Framework (CSF), the first major update since its...more
In 2017, the New York Department of Financial Services (“NYDFS”) enacted a landmark regulation requiring financial services institutions such as banks and insurance companies in the state to meet substantial cybersecurity...more
11/8/2023
/ Banking Sector ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
NYDFS ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management
This week, the SEC filed a high-profile litigation asserting fraud and internal controls charges against software company SolarWinds Corporation and its Chief Information Security Officer, Timothy G. Brown, in connection with...more
11/3/2023
/ CFOs ,
Chief Information Security Officer (CISO) ,
Corporate Counsel ,
Corporate Governance ,
Corporate Officers ,
Cybersecurity ,
Information Security ,
Information Technology ,
Popular ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
Securities Litigation ,
Securities Violations ,
Security Breach
Jenner & Block is proud to host its inaugural Realty Rendezvous, a comprehensive half-day program designed to promote conversations about the industry. At four different panels, top minds in the industry will discuss trends...more
10/27/2023
/ Best Practices ,
Cybersecurity ,
Data Privacy ,
Events ,
Eviction ,
Hospitality Industry ,
Incident Response Plans ,
Landlords ,
Property Owners ,
Real Estate Market ,
Tenants ,
Vacant Properties
On July 25, 2023, the US Securities and Exchange Commission (the SEC), by a 3-2 vote, adopted final rules regarding cybersecurity risk management, strategy, governance and incident reporting by public companies (the Final...more
8/7/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Disclosure Requirements ,
FCC ,
Filing Deadlines ,
Final Rules ,
Popular ,
Proposed Rules ,
Publicly-Traded Companies ,
Reporting Requirements ,
Required Forms ,
Securities and Exchange Commission (SEC) ,
XBRL Filing Requirements
On July 13, 2023, the White House published the National Strategy Implementation Plan (the Implementation Plan). According to the White House, the Implementation Plan is a “roadmap to realize” the mission of the National...more
Last month, Gurbir Grewal, the Director of the SEC’s Division of Enforcement, spoke at the Financial Times Cyber Resilience Summit. During the remarks, he outlined the importance of cybersecurity and signaled that the SEC is...more
7/11/2023
/ Amended Rules ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Financial Institutions ,
Incident Response Plans ,
Personal Data ,
Policies and Procedures ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC)
As cyber-attacks and data breaches pose an increasing threat to market participants, the US Securities and Exchange Commission (“SEC”) has become increasingly focused on the cyber risks to the public and the market at large....more
3/29/2023
/ Compliance ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Financial Institutions ,
Personal Information ,
Policies and Procedures ,
Proposed Amendments ,
Risk Management ,
Securities and Exchange Commission (SEC)
On March 1, 2023, the White House released a new National Cybersecurity Strategy (the Strategy) documenting the Biden-Harris administration’s approach to improving cybersecurity across the digital ecosystem. The Strategy...more
On May 19, 2022, the Department of Justice (DOJ) issued revisions to its existing policy for charging offenses under the Computer Fraud and Abuse Act (CFAA) (2022 CFAA Policy). The revisions state that “good-faith” security...more
On March 15, 2022, President Biden signed into law the “Cyber Incident Reporting for Critical Infrastructure Act of 2022” (the Act) as part of the 2022 federal funding bill.
Among other things, the Act requires critical...more
3/18/2022
/ Biden Administration ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Breach Notification Standard ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
New Legislation ,
Ransomware ,
Regulatory Reform ,
Regulatory Requirements
Last week, the SEC proposed rule amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The proposed rules include an...more
In a speech to the Securities Regulation Institute conference last week, Chair Gary Gensler signaled the SEC may implement more stringent cybersecurity regulations, and in the meantime, would work to enforce existing...more
The Department of Justice (DOJ) announced this week a new Civil Cyber-Fraud initiative which will use the False Claims Act (FCA) to enforce government contract cybersecurity requirements. The initiative will be led by the...more