Our Privacy, Cyber & Data Strategy Team highlights the shift in priorities for privacy and cybersecurity regulation and enforcement across U.S. agencies under the second Trump Administration....more
The incoming Trump administration is expected to make several policy changes likely to impact tech transactions. President-elect Donald Trump has promised to reduce regulation and cut federal bureaucracy, which he says have...more
Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
Continued cyberthreats drove expanded data security and breach notification requirements in 2024. Although sectors deemed high-risk saw significant activity, we also saw proposed regulations that stand to have a...more
Throughout 2024, financial sector regulators sharpened their focus on data protection and cybersecurity issues impacting financial institutions and the public. Key federal agencies like the Securities and Exchange Commission...more
Proposed cybersecurity regulation may face changes or challenges in view of the incoming Trump administration that is intent on reducing the perceived regulatory burden on American companies and streamlining government...more
U.S. supply chain security is increasingly under threat. The White House’s National Security Strategy describes this moment as an inflection point. Many federal agencies have taken charge in elevating the very concept of...more
On September 17, 2024, electronic pagers and walkie-talkies belonging to members of Hezbollah exploded. Over the course of two days, several people were killed and wounded. This incident highlights the broad set of concerns...more
The US Cybersecurity and Infrastructure Security Agency (CISA) recently published a Notice for Proposed Rulemaking intended to supplement the Cybersecurity Incident Reporting for Critical Infrastructure Act (CIRCIA). The...more
Amid intense focus on AI and a flurry of consumer privacy law updates, legislative activity has continued to change data breach notification requirements in a variety of ways. Similar to 2023, a handful of changes to...more
On June 28, 2024, the Supreme Court of the United States overruled a cornerstone of contemporary administrative law when it determined, in a 6-3 ruling, that the Supreme Court’s decision in Chevron U.S.A. Inc. v. Natural...more
Recently, the US Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) issued a notice of proposed rulemaking (NPRM) which, if adopted, would require “covered entities” of critical...more
The proliferation of cybersecurity regulations has the White House and Congress calling for harmonization to streamline regulations, focus on reciprocity, and decrease compliance costs. Senator Gary Peters (D-MI), chair of...more
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the...more
FCC Welcomes Comment on Mechanisms to Implement Multilingual Wireless Emergency Alerts (WEA): In this Public Notice, the Federal Communications Commission (FCC or Commission) seeks comment on its proposal to require...more
Amidst an ever-evolving cyber threat landscape, a recent slew of regulatory updates and cybersecurity standards are defining a new battlefront for securing critical infrastructure and corporate data across varying sectors....more
Cyber incidents involving critical infrastructure pose a serious risk to the US. In March 2024, the Environmental Protection Agency and the National Security Advisor warned state governors about potential attacks on drinking...more
On April 4, 2024, the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (“CISA”) released for public comment its long-awaited proposed rules to implement the Cyber Incident...more
On May 7, 2024, the White House Office of the National Cyber Director (ONCD) released several reports on the United States’ cybersecurity posture and strategic plan. These documents implement the 2023 National Cybersecurity...more
On May 8, 2024, Paul Hastings Hosted the Cybersecurity Law Workshop at this spring’s Privacy + Security Forum with a panel on cybersecurity regulatory trends and recent developments. The panel was moderated by Paul Hastings...more
Remember CIRCIA? The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”) – intended to beef up reporting requirements across industries following cyber incursions – is moving along the pathway from...more
In early April, the Cybersecurity & Infrastructure Security Agency (CISA), within the US Department of Homeland Security, released a Notice of Proposed Rulemaking (NPRM) regarding the implementation of the Cyber Incident...more
Just over a year ago, the White House issued its long-awaited National Cybersecurity Strategy, with an emphasis on defending Critical Infrastructure, promoting public and private collaboration, and safeguarding...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
For years, we were able to tell most clients experiencing a potential data security incident that they likely had at least 30 days to notify any third parties about the incident – if they concluded it was a breach. There...more