This week, the Trump Administration reached the 100-day mark—a significant milestone in any presidential term wherein key administrative priorities and objectives are promulgated. Perhaps unsurprisingly, cybersecurity stands...more
5/2/2025
/ Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
False Claims Act (FCA) ,
FCC ,
Federal Contractors ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Trump Administration
With the publication of a recent Notice of Proposed Rulemaking (NPRM), the Department of Justice National Security Division will soon become an important new regulator of transactions involving the transfer of sensitive U.S....more
10/29/2024
/ Biden Administration ,
China ,
Civil Investigation Demand ,
Comment Period ,
Compliance ,
Covered Person ,
Cross-Border Transactions ,
Data Retention ,
Department of Justice (DOJ) ,
Due Diligence ,
Executive Orders ,
International Data Transfers ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
Personal Data ,
Proposed Rules ,
Regulatory Authority ,
Russia ,
Sensitive Personal Information
On October 11, 2024, the U.S. Department of Defense (DoD) at long last published a final rule establishing the Cybersecurity Maturity Model Certification (CMMC) Program (the Final Rule)...more
On July 18, 2024, the U.S. District Court for the Southern District of New York dismissed most of the claims brought by the Securities and Exchange Commission (the “Commission”) against SolarWinds Corp. and its Chief...more
8/13/2024
/ Accounting Standards ,
Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Disclosure Requirements ,
Dismissals ,
Enforcement Actions ,
Foreign Corrupt Practices Act (FCPA) ,
Fraud ,
Internal Controls ,
Sarbanes-Oxley ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
SolarWinds
On February 28, 2024, President Biden signed Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and U.S. Government-Related Data by Countries of Concern” (the EO), under the authority of the...more
3/4/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
China ,
Consumer Financial Protection Bureau (CFPB) ,
Data Transfers ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Executive Orders ,
International Data Transfers ,
International Emergency Economic Powers Act (IEEPA) ,
Rulemaking Process ,
Russia ,
Sensitive Personal Information
The requirement to disclose material cybersecurity events under new Item 1.05 of Form 8-K takes effect today (other than for smaller reporting companies, for which the new requirement will take effect on June 15, 2024)....more
Our initial thoughts on the Biden Executive Order first appeared on WilmerHale’s Privacy and Cybersecurity Blog the day that the Executive Order was released.
On October 30, 2023, the Biden Administration issued its...more
11/13/2023
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Department of Education ,
Department of Labor (DOL) ,
Department of Transportation (DOT) ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Health Care Providers ,
Intellectual Property Protection ,
National Security ,
NIST ,
Regulatory Agenda ,
Technology Sector
On October 30, 2023, the Securities and Exchange Commission (“SEC”), filed a complaint against SolarWinds Corp. (“SolarWinds” or the “Company”) for fraud and internal and disclosure controls failures relating to allegedly...more
Today, the Biden Administration released its highly anticipated Executive Order on Safe, Secure and Trustworthy Artificial Intelligence, setting forth a broad vision of the Administration’s legal, regulatory, and policy...more
Public companies will soon be required to provide increased transparency about cybersecurity incidents, risk management, strategy and governance as a result of new rules adopted by the Securities and Exchange Commission (the...more
8/14/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
The Biden Administration has issued its long-awaited Executive Order on Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern (“EO”), which will create a new...more
8/11/2023
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
China ,
Cybersecurity ,
Executive Orders ,
Foreign Investment ,
NAICS ,
National Security ,
Outbound Transactions ,
Popular ,
Proposed Regulation ,
Supply Chain ,
Technology Sector ,
U.S. Treasury
The Committee on Foreign Investment in the United States (CFIUS) reviewed a record number of transactions for national security risks in 2022: 440 covered transactions, up from 436 transactions in 2021, according to its...more
On Friday, July 21, 2023, the White House announced that seven US technology companies at the forefront of generative artificial intelligence (AI) agreed to eight voluntary commitments to “promote the safe, secure, and...more
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (“Adequacy Decision”). This ends a three-year journey to set up a successor to the EU-U.S. Privacy...more
7/12/2023
/ Adequacy Requirement ,
Court of Justice of the European Union (CJEU) ,
Department of Justice (DOJ) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Iceland ,
International Data Transfers ,
Liechtenstein ,
Member State ,
Norway ,
Personal Data ,
U.S. Commerce Department
On May 23, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) published a second edition of the #StopRansomware Guide (the Guide). The Guide, first published in September 2020, aims to help organizations reduce...more
On March 9, 2023, the Securities and Exchange Commission (SEC) reached a settlement with Blackbaud – a client relationship management (CRM) service provider for nonprofits – over allegations that Blackbaud (i) made materially...more
Speaking about the U.S. Department of Justice's enforcement priorities on Sept. 12 at the American Bar Association's annual Civil False Claims Act and Qui Tam Enforcement Institute conference, the principal deputy assistant...more
On September 15, 2022, President Biden signed an Executive Order (EO) identifying economic sectors that merit special attention for review by the Committee on Foreign Investment in the United States (CFIUS or the Committee)....more
9/20/2022
/ Biden Administration ,
CFIUS ,
Cybersecurity ,
Executive Orders ,
Foreign Direct Investment ,
Foreign Investment ,
Investors ,
National Security ,
Sensitive Personal Information ,
Supply Chain ,
Technology Sector
The Committee on Foreign Investment in the United States (CFIUS) is reviewing a record number of transactions for national security risks, according to a recently released Annual Report to Congress for Calendar Year 2021. ...more
The US Department of Justice (DOJ) recently announced plans to use the False Claims Act (FCA) to pursue cybersecurity-related fraud by government contractors, subcontractors and grant recipients, including for providing...more
10/14/2021
/ Compliance ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
Fraud ,
Subcontractors
On Wednesday, May 12, 2021, President Biden issued an ambitious and sweeping Executive Order focused on combating digital threats to US networks and infrastructure. The Executive Order on Improving the Nation’s Cybersecurity...more
5/17/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Executive Orders ,
Federal Contractors ,
Information Technology ,
National Security ,
NIST ,
OMB ,
Supply Chain
On March 10, 2021, the Federal Bureau of Investigation (FBI or Bureau) issued a Private Industry Notification (PIN) advising companies that “[m]alicious actors almost certainly will leverage synthetic content for cyber and...more
On December 17, 2020, the Office of the Comptroller of the Currency, Treasury (OCC); the Federal Reserve; and the Federal Deposit Insurance Corporation (FDIC) issued a Notice of Proposed Rulemaking that would require...more
12/22/2020
/ Bank Secrecy Act ,
Banking Regulators ,
Banks ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Financial Institutions ,
GLBA Privacy ,
NPRM ,
Popular ,
Reporting Requirements ,
Suspicious Activity Reports (SARs)
The administration of President-elect Joe Biden and Vice President-elect Kamala Harris will break sharply from the policies of the Trump Administration in many ways. But one area where we expect more continuity than change is...more
We hope you have read about the reporting on potential ransomware attacks on US hospitals and perhaps other health care providers. If you have not, please review this guidance from the government agencies involved in this...more