The Federal Trade Commission filed a lawsuit on August 29, 2022, against data broker Kochava Inc., alleging that the company’s sale of precise geolocation data is an unfair act or practice that violates Section 5 of the FTC Act. The case follows an FTC blog post warning that the agency would be vigilant in protecting

The Cybersecurity and Infrastructure Security Agency seeks public input on regulations that will set new mandatory cybersecurity reporting requirements for critical infrastructure companies. Open questions include the following:

  • Who will be subject to the new requirements?
  • What level of incident will trigger mandatory reporting?
  • How much follow-up reporting will be required?
  • What costs could potential

On August 11, 2022, the Federal Trade Commission (FTC) issued an advance notice of proposed rulemaking (ANPRM), kicking off its long-awaited rulemaking on commercial surveillance and data security.

The ANPRM is the first step in a long process that could result in the adoption of a federal regulation addressing privacy, data security, and use of

National Security Presidential Memorandum-33 requires federal agencies to impose disclosure and security requirements as part of research and development grant programs.

Academic and research institutions will be subject to standardized and enhanced disclosure obligations at the institutional and individual levels. Major institutions will also have to implement security programs with elements including cybersecurity and insider

Alvaro Bedoya has now been sworn in as a commissioner for the U.S. Federal Trade Commission. This restores a Democratic majority on the Commission and will enable the agency to move forward with the aggressive agenda of Chair Lina Khan. As a result, we can expect to see significant actions by the FTC on privacy

The U.S. Securities and Exchange Commission proposed rules that will require public disclosure not only of cybersecurity incidents, but also of aspects of public companies’ preparedness for cyber threats. The proposed rules set a short time frame for reporting “material” compromises, and the rules do not provide for delayed disclosure at the request of law

On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022. This follows increased reporting of cyber threats facing critical infrastructure sectors, particularly the energy sector. The regulations implementing the reporting requirements may be several years away, but overlap with other new reporting requirements such as the

A new U.S. Supreme Court decision holds that federal courts cannot enforce or vacate arbitration awards under Sections 9 and 10 of the Federal Arbitration Act unless they have an independent jurisdictional basis to consider the case.

Previously, many federal courts would “look through” an arbitration enforcement action to the subject of the underlying dispute

The U.S. Federal Communications Commission is seeking public comment on vulnerabilities that threaten the security and integrity of the Border Gateway Protocol, which is central to the internet’s global routing system. The BGP’s design is widely deployed and lacks security features to ensure trust in the information being exchanged.

The FCC seeks comment on how