The new year is already off to a fast start in the world of cybersecurity and privacy. With Data Privacy Day approaching next week (January 28), we will look at three trends that we expect to see in the coming year. The...more
This holiday season—following a year of headline breaches, surging supply-chain attacks, and major regulatory changes—cyber resilience tops every corporate wish list. The Cybersecurity and Infrastructure Security Agency...more
Without fail, each new year brings regulatory shifts and plaintiffs’-bar activity that push data, privacy, and cybersecurity in unexpected directions. As we look ahead to 2026, our Data, Privacy, and Cybersecurity Group is...more
In 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). It developed out of the federal government’s perceived need to be better prepared for cybersecurity...more
The Cybersecurity & Infrastructure Security Agency (CISA) has delayed publication of its cyber incident reporting rule for critical infrastructure operators. According to an entry on the Office of Management and Budget's...more
Companies in virtually every critical infrastructure sector have to navigate the maze of duplicative, inconsistent, and fragmented cybersecurity regulations imposed by federal and state governments. For example, as we have...more
Key point: The US Coast Guard’s new cybersecurity rule will transform the security standards and reporting requirements for vessels and marine facilities nationwide over the next three years. On July 16, 2025, the US Coast...more
At New York Tech Week 2025, cybersecurity took the spotlight. Fenwick partner Jon Lenzner sat down with Bryan Vorndran—former assistant director of the FBI’s Cyber Division—to unpack what early-stage companies, investors, and...more
Our Privacy, Cyber & Data Strategy Team highlights the shift in priorities for privacy and cybersecurity regulation and enforcement across U.S. agencies under the second Trump Administration....more
The incoming Trump administration is expected to make several policy changes likely to impact tech transactions. President-elect Donald Trump has promised to reduce regulation and cut federal bureaucracy, which he says have...more
Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
Continued cyberthreats drove expanded data security and breach notification requirements in 2024. Although sectors deemed high-risk saw significant activity, we also saw proposed regulations that stand to have a...more
Throughout 2024, financial sector regulators sharpened their focus on data protection and cybersecurity issues impacting financial institutions and the public. Key federal agencies like the Securities and Exchange Commission...more
Proposed cybersecurity regulation may face changes or challenges in view of the incoming Trump administration that is intent on reducing the perceived regulatory burden on American companies and streamlining government...more
U.S. supply chain security is increasingly under threat. The White House’s National Security Strategy describes this moment as an inflection point. Many federal agencies have taken charge in elevating the very concept of...more
On September 17, 2024, electronic pagers and walkie-talkies belonging to members of Hezbollah exploded. Over the course of two days, several people were killed and wounded. This incident highlights the broad set of concerns...more
The US Cybersecurity and Infrastructure Security Agency (CISA) recently published a Notice for Proposed Rulemaking intended to supplement the Cybersecurity Incident Reporting for Critical Infrastructure Act (CIRCIA). The...more
Amid intense focus on AI and a flurry of consumer privacy law updates, legislative activity has continued to change data breach notification requirements in a variety of ways. Similar to 2023, a handful of changes to...more
On June 28, 2024, the Supreme Court of the United States overruled a cornerstone of contemporary administrative law when it determined, in a 6-3 ruling, that the Supreme Court’s decision in Chevron U.S.A. Inc. v. Natural...more
Recently, the US Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) issued a notice of proposed rulemaking (NPRM) which, if adopted, would require “covered entities” of critical...more
The proliferation of cybersecurity regulations has the White House and Congress calling for harmonization to streamline regulations, focus on reciprocity, and decrease compliance costs. Senator Gary Peters (D-MI), chair of...more
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the...more
FCC Welcomes Comment on Mechanisms to Implement Multilingual Wireless Emergency Alerts (WEA): In this Public Notice, the Federal Communications Commission (FCC or Commission) seeks comment on its proposal to require...more
Amidst an ever-evolving cyber threat landscape, a recent slew of regulatory updates and cybersecurity standards are defining a new battlefront for securing critical infrastructure and corporate data across varying sectors....more
Cyber incidents involving critical infrastructure pose a serious risk to the US. In March 2024, the Environmental Protection Agency and the National Security Advisor warned state governors about potential attacks on drinking...more