On January 8, 2025, the Department of Justice (“DOJ”) published its final rule addressing Executive Order (E.O.) 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data...more
1/30/2025
/ Artificial Intelligence ,
China ,
Compliance ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement ,
Export Controls ,
Final Rules ,
Information Technology ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
In the waning months of the current administration, the White House issued a memo setting forth actions focused on national security as directed in the AI Executive Order from last year. As a reminder, the order -while...more
12/17/2024
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Government Agencies ,
National Security ,
NIST ,
Privacy Laws ,
Regulatory Agenda ,
Technology Sector
The Department of Defense published the final version of its Cybersecurity Maturity Model Certification (CMMC) rule last week. This rule establishes the parameters of the program and timeline for implementation. A separate...more
The Biden Administration recently issued an Executive Order aimed at protecting American’s sensitive information and certain US Government data from threats posed by foreign actors. Of note is the Order’s focus on data...more
4/25/2024
/ Biden Administration ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Department of Justice (DOJ) ,
Executive Orders ,
Export Controls ,
National Security ,
Personal Data ,
Privacy Laws ,
Prohibited Transactions
In its first major overhaul since 2014, the National Institute of Standards and Technology (NIST) updated its Cybersecurity Framework (CSF) on February 26, 2024. The updated 27-page CSF version 2.0 builds on version 1.1 and...more
To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...more
2/9/2024
/ Cloud Computing ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Protection ,
Data Rights ,
Data Security ,
Department of Defense (DOD) ,
Enforcement Actions ,
Federal Contractors ,
FedRAMP ,
Fraud ,
Privacy Laws ,
Software
ARTIFICIAL INTELLIGENCE -
What is the Privacy Impact of the White House AI Order for Businesses? Posted November 28, 2023
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance...more
2/7/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws
In response to a constantly-evolving cyber threat landscape, the Biden Administration recently announced the launch of a new cybersecurity labeling program – the U.S. Cyber Trust Mark program – in an effort to enhance...more
8/4/2023
/ Connected Items ,
Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Collection ,
Data Security ,
Federal Contractors ,
Internet of Things ,
New Legislation ,
NIST ,
Personal Data ,
Personally Identifiable Information ,
Privacy Concerns ,
Privacy Laws ,
Smart Devices ,
Technology Sector
The National Institute of Standards and Technology is updating the security standards that govern the protection of sensitive government information. NIST recently released an initial public draft for comment. The document...more
To conclude our series of cybersecurity areas to focus on in 2023 for those who do business with the Federal government, we look at the FedRAMP and StateRAMP developments from 2022...more
The federal government has continued its efforts to fulfill the requirements set forth in Executive Order 14028, Improving the Nation’s Cybersecurity. For companies that do business with the Federal government, beyond looking...more
1/25/2023
/ Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Information Sharing ,
Privacy Laws ,
Regulatory Requirements
As we get settled into the New Year it is a good time to reflect on your company’s current data security and plans for 2023. In this five-part series, we reflect on the top important cybersecurity developments for companies...more
President Biden recently signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 as a part of a larger omnibus appropriations bill. The new law sets out mandatory reporting requirements for...more
3/29/2022
/ Covered Entities ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Joe Biden ,
New Legislation ,
Popular ,
Privacy Laws ,
Proposed Rules ,
Reporting Requirements ,
Rulemaking Process
NIST recently released several key deliverables relating to cybersecurity. These focus on secure software development and new consumer labeling programs as contemplated by President Biden’s Executive Order 14028, which seeks...more
The National Institute of Standards and Technology (NIST) is seeking comments to improve its Cybersecurity Framework, “Framework for Improving Critical Infrastructure Cybersecurity” (Request for Information available here)....more
President Biden recently signed a National Security Memorandum on cybersecurity. This memorandum was required by an earlier executive order, which we previously have discussed here. The new memorandum (NSM) requires certain...more
As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with...more