National Security Presidential Memorandum-33 requires federal agencies to impose disclosure and security requirements as part of research and development grant programs.

Academic and research institutions will be subject to standardized and enhanced disclosure obligations at the institutional and individual levels. Major institutions will also have to implement security programs with elements including cybersecurity and insider

New cybersecurity developments and observations, including those relating to U.S. Department of Labor review of cybersecurity issues, warrant prompt consideration by plan fiduciaries, including those plans covered by HIPAA.

The following update includes recommendations to help ERISA retirement and health and welfare plan sponsors and responsible fiduciaries protect benefit plans and participants against cybersecurity risks

The U.S. Securities and Exchange Commission proposed rules that will require public disclosure not only of cybersecurity incidents, but also of aspects of public companies’ preparedness for cyber threats. The proposed rules set a short time frame for reporting “material” compromises, and the rules do not provide for delayed disclosure at the request of law

China’s internet watchdog, the Cyberspace Administration of China, has continued to tighten its regulation of internet industries and driven the formulation of many new laws and regulations in cybersecurity and data protection in China.

On March 17, 2022, the CAC reported to the public its campaign’s achievements. These achievements showcased the determination of regulators to

On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022. This follows increased reporting of cyber threats facing critical infrastructure sectors, particularly the energy sector. The regulations implementing the reporting requirements may be several years away, but overlap with other new reporting requirements such as the

In rapid succession, the following occurred:

Congress enacted new cybersecurity requirements for critical infrastructure.
U.S. Securities and Exchange Commission proposed a new cybersecurity rule.
U.S. Department of Justice unsealed indictments of Russian cyber operatives targeting the U.S. energy sector.
Federal Bureau of Investigation and the U.S. Department of Homeland Security pushed out new cybersecurity advisories.

On February 25, 2022, the Utah Senate unanimously (28-0) passed Senate Bill 227, also known as the Utah Consumer Privacy Act (Privacy Act). The 2022 session adjourned on March 4, and Utah Governor Spencer Cox has 20 days from that date to either sign (or not sign) the bill, after which it becomes law, or veto the bill, in which case it does not become a law unless the legislature overrides the governor’s veto. The Privacy Act would become the fourth comprehensive state consumer privacy law in the United States.

The U.S. Federal Communications Commission is seeking public comment on vulnerabilities that threaten the security and integrity of the Border Gateway Protocol, which is central to the internet’s global routing system. The BGP’s design is widely deployed and lacks security features to ensure trust in the information being exchanged.

The FCC seeks comment on how

The FCC has unanimously adopted an order to revoke China Unicom Americas’ section 214 authorizations. This action follows the FCC order in October 2021 to revoke China Telecom Americas’ authorizations. These license revocations demonstrate that the severe actions against Chinese telecoms with apparent affiliations with the Chinese government and military that began in the last

This past summer, we reported on the July 2021 vote by the Uniform Law Commission (ULC) to approve the Uniform Personal Data Protection Act (UPDPA), a model data privacy bill designed to be promulgated in state legislatures across the United States. Now the District of Columbia becomes the first jurisdiction to have the bill introduced for consideration.