National Security Presidential Memorandum-33 requires federal agencies to impose disclosure and security requirements as part of research and development grant programs.

Academic and research institutions will be subject to standardized and enhanced disclosure obligations at the institutional and individual levels. Major institutions will also have to implement security programs with elements including cybersecurity and insider

Alvaro Bedoya has now been sworn in as a commissioner for the U.S. Federal Trade Commission. This restores a Democratic majority on the Commission and will enable the agency to move forward with the aggressive agenda of Chair Lina Khan. As a result, we can expect to see significant actions by the FTC on privacy

The Better Business Bureau recently announced the launch of the TeenAge Privacy Program, which proposes a self-regulatory framework for companies to use in order to protect teen consumers and guide the responsible collection and management of teen data. The CISR’s new framework helps to address recent attention to the privacy and safety of teens online

The U.S. Securities and Exchange Commission proposed rules that will require public disclosure not only of cybersecurity incidents, but also of aspects of public companies’ preparedness for cyber threats. The proposed rules set a short time frame for reporting “material” compromises, and the rules do not provide for delayed disclosure at the request of law

China’s internet watchdog, the Cyberspace Administration of China, has continued to tighten its regulation of internet industries and driven the formulation of many new laws and regulations in cybersecurity and data protection in China.

On March 17, 2022, the CAC reported to the public its campaign’s achievements. These achievements showcased the determination of regulators to

On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022. This follows increased reporting of cyber threats facing critical infrastructure sectors, particularly the energy sector. The regulations implementing the reporting requirements may be several years away, but overlap with other new reporting requirements such as the

A new U.S. Supreme Court decision holds that federal courts cannot enforce or vacate arbitration awards under Sections 9 and 10 of the Federal Arbitration Act unless they have an independent jurisdictional basis to consider the case.

Previously, many federal courts would “look through” an arbitration enforcement action to the subject of the underlying dispute

Companies doing business in the United States should start preparing for the Utah Consumer Privacy Act, which was signed into law on March 24, 2022, and will go into effect on December 31, 2023. The law is more business-friendly than existing omnibus state privacy laws, in that it generally provides fewer consumer rights and company

In rapid succession, the following occurred:

Congress enacted new cybersecurity requirements for critical infrastructure.
U.S. Securities and Exchange Commission proposed a new cybersecurity rule.
U.S. Department of Justice unsealed indictments of Russian cyber operatives targeting the U.S. energy sector.
Federal Bureau of Investigation and the U.S. Department of Homeland Security pushed out new cybersecurity advisories.