On April 8, 2025, the US Department of Justice’s National Security Division’s final rule regulating sensitive data about US persons came into effect. DOJ also announced a 90-day grace period on enforcement. At a moment of...more
On April 8, 2025, the United States Department of Justice’s (DOJ) National Security Division’s (NSD) final rule (Final Rule) regulating certain sensitive US data transfers took effect. DOJ has made clear that it will take...more
The SEC recently announced the creation of a Cyber and Emerging Technologies Unit (CETU) that will focus on fraudulent conduct in cybersecurity, digital assets, and emerging technologies such as artificial intelligence. For...more
The SEC’s Director of Corporation Finance, Erik Gerding, recently issued two statements regarding a public company’s disclosure obligations in response to a cybersecurity incident. These remarks follow the adoption of the...more
6/27/2024
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement ,
Form 8-K ,
Publicly-Traded Companies ,
Regulatory Requirements ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
SolarWinds ,
Technology
On May 7, 2024, the White House Office of the National Cyber Director (ONCD) released several reports on the United States’ cybersecurity posture and strategic plan. These documents implement the 2023 National Cybersecurity...more
5/15/2024
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Legislative Agendas ,
New Legislation ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Strategic Planning
On February 28, 2024, President Biden issued Executive Order 14117 on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (the EO). The EO empowers...more
3/7/2024
/ Biden Administration ,
Cross-Border Transactions ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Brokers ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Executive Orders ,
National Security ,
Office of Foreign Assets Control (OFAC) ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Sensitive Personal Information
On February 26, 2024, the National Institute of Standards and Technology (NIST), an agency within the U.S. Department of Commerce, released Version 2.0 of its Cybersecurity Framework (CSF), the first major update since its...more
In 2017, the New York Department of Financial Services (“NYDFS”) enacted a landmark regulation requiring financial services institutions such as banks and insurance companies in the state to meet substantial cybersecurity...more
11/8/2023
/ Banking Sector ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
NYDFS ,
Regulatory Agenda ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management
On March 15, 2022, President Biden signed into law the “Cyber Incident Reporting for Critical Infrastructure Act of 2022” (the Act) as part of the 2022 federal funding bill.
Among other things, the Act requires critical...more
3/18/2022
/ Biden Administration ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Breach Notification Standard ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
New Legislation ,
Ransomware ,
Regulatory Reform ,
Regulatory Requirements