INTRODUCTION...
On January 16, 2025, President Biden issued an Executive Order (EO) on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, to further address increasing threats from nation-state actors...more
On December 27, 2024, the Department of Justice (DOJ) released a Final Rule, Provisions Pertaining to Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons....more
1/7/2025
/ Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Brokers ,
Data Management ,
Department of Justice (DOJ) ,
Due Diligence ,
Exports ,
Final Rules ,
National Security ,
Personal Data ,
Sensitive Personal Information
By now, companies across all industries have become familiar with the lifecycle and stages of a ransomware incident. Generally, once an attack is contained, remediation and rebuilding will follow. Shortly after, the crisis...more
10/14/2024
/ Attorney-Client Privilege ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Incident Response Plans ,
Invasion of Privacy ,
Litigation Strategies ,
Personally Identifiable Information ,
Ransomware ,
Risk Mitigation
On August 15, 2024, the Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the Cybersecurity...more
On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.
The deviation relates to contractors’ compliance with...more
On April 24, 2024, President Biden signed into law H.R. 815, the National Security Supplemental (the “Act”). While much of the focus centered on the foreign aid package for Israel, Ukraine, and the Indo-Pacific, the bill...more
4/30/2024
/ Biden Administration ,
Bureau of Industry and Security (BIS) ,
Cybersecurity ,
Economic Sanctions ,
Export Controls ,
Foreign Aid ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
National Security Supplemental ,
New Legislation ,
Office of Foreign Assets Control (OFAC) ,
Regulatory Reform ,
Statute of Limitations ,
TWEA
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more
4/1/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Preservation ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
NPRM ,
Proposed Rules ,
Ransomware ,
Regulatory Agenda
On February 28, 2024, President Joe Biden issued Executive Order (“EO”) 14117, empowering the Department of Justice (DOJ) to regulate the export of certain consumer data, in order to prevent certain countries’ governments...more
3/6/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Executive Orders ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Requirements
On January 29, 2024, the US Department of Commerce’s Bureau of Industry and Security (the “Department”) issued a notice of proposed rulemaking seeking comment on a proposed regulation in response to the Executive Order (E.O.)...more
2/15/2024
/ Artificial Intelligence ,
Bureau of Industry and Security (BIS) ,
Cloud Computing ,
Comment Period ,
Customer Identification Program (CIP) ,
Cybersecurity ,
Executive Orders ,
Financial Institutions ,
IaaS ,
Machine Learning ,
National Security ,
NPRM ,
Proposed Regulation ,
U.S. Commerce Department
On December 26, 2023, the Department of Defense (“DoD”) published the long-awaited Proposed Final Rule for the Cybersecurity Maturity Model Certification (“CMMC”) program. At a high level, the CMMC program is a mechanism by...more
On December 12, 2023, the Department of Justice (DOJ) issued guidelines for companies to follow in requesting that the Attorney General authorize delays of cyber incident disclosures required by the U.S. Securities and...more
12/13/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
Form 8-K ,
New Guidance ,
Publicly-Traded Companies ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Engaging third-party providers for technology transactions involves a certain level of cybersecurity risk. In fact, most companies have been through a third-party incident. In this episode, partners Justin Herring and Adam...more