The requirement to disclose material cybersecurity events under new Item 1.05 of Form 8-K takes effect today (other than for smaller reporting companies, for which the new requirement will take effect on June 15, 2024)....more
Our initial thoughts on the Biden Executive Order first appeared on WilmerHale’s Privacy and Cybersecurity Blog the day that the Executive Order was released.
On October 30, 2023, the Biden Administration issued its...more
11/13/2023
/ Artificial Intelligence ,
Biden Administration ,
Cybersecurity ,
Department of Education ,
Department of Labor (DOL) ,
Department of Transportation (DOT) ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Health Care Providers ,
Intellectual Property Protection ,
National Security ,
NIST ,
Regulatory Agenda ,
Technology Sector
On October 30, 2023, the Securities and Exchange Commission (“SEC”), filed a complaint against SolarWinds Corp. (“SolarWinds” or the “Company”) for fraud and internal and disclosure controls failures relating to allegedly...more
Public companies will soon be required to provide increased transparency about cybersecurity incidents, risk management, strategy and governance as a result of new rules adopted by the Securities and Exchange Commission (the...more
8/14/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
The Biden Administration has issued its long-awaited Executive Order on Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern (“EO”), which will create a new...more
8/11/2023
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Biden Administration ,
China ,
Cybersecurity ,
Executive Orders ,
Foreign Investment ,
NAICS ,
National Security ,
Outbound Transactions ,
Popular ,
Proposed Regulation ,
Supply Chain ,
Technology Sector ,
U.S. Treasury
On Friday, July 21, 2023, the White House announced that seven US technology companies at the forefront of generative artificial intelligence (AI) agreed to eight voluntary commitments to “promote the safe, secure, and...more
On May 23, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) published a second edition of the #StopRansomware Guide (the Guide). The Guide, first published in September 2020, aims to help organizations reduce...more
Speaking about the U.S. Department of Justice's enforcement priorities on Sept. 12 at the American Bar Association's annual Civil False Claims Act and Qui Tam Enforcement Institute conference, the principal deputy assistant...more
On September 15, 2022, President Biden signed an Executive Order (EO) identifying economic sectors that merit special attention for review by the Committee on Foreign Investment in the United States (CFIUS or the Committee)....more
9/20/2022
/ Biden Administration ,
CFIUS ,
Cybersecurity ,
Executive Orders ,
Foreign Direct Investment ,
Foreign Investment ,
Investors ,
National Security ,
Sensitive Personal Information ,
Supply Chain ,
Technology Sector
The US Department of Justice (DOJ) recently announced plans to use the False Claims Act (FCA) to pursue cybersecurity-related fraud by government contractors, subcontractors and grant recipients, including for providing...more
10/14/2021
/ Compliance ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
Fraud ,
Subcontractors
On Wednesday, May 12, 2021, President Biden issued an ambitious and sweeping Executive Order focused on combating digital threats to US networks and infrastructure. The Executive Order on Improving the Nation’s Cybersecurity...more
5/17/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Executive Orders ,
Federal Contractors ,
Information Technology ,
National Security ,
NIST ,
OMB ,
Supply Chain
On December 17, 2020, the Office of the Comptroller of the Currency, Treasury (OCC); the Federal Reserve; and the Federal Deposit Insurance Corporation (FDIC) issued a Notice of Proposed Rulemaking that would require...more
12/22/2020
/ Bank Secrecy Act ,
Banking Regulators ,
Banks ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Financial Institutions ,
GLBA Privacy ,
NPRM ,
Popular ,
Reporting Requirements ,
Suspicious Activity Reports (SARs)
We hope you have read about the reporting on potential ransomware attacks on US hospitals and perhaps other health care providers. If you have not, please review this guidance from the government agencies involved in this...more
On February 27, 2020, the Cybersecurity Unit of the Justice Department’s Computer Crime and Intellectual Property Section released a guidance document addressing “Legal Considerations when Gathering Online Cyber Threat...more
On April 24, 2018, the Securities and Exchange Commission announced a settled enforcement proceeding against Altaba Inc. (formerly known as Yahoo! Inc.) arising out of data breaches suffered by Yahoo in 2014, 2015 and 2016....more
Cybersecurity is one of the highest priority issues for public company executives and directors. This note shares our views—developed over our involvement in the aftermath of many cybersecurity events as well as counseling on...more
On February 21, 2018, the Securities and Exchange Commission (SEC) approved an interpretive release updating guidance on public company disclosure and other obligations concerning cybersecurity matters. The interpretive...more
Under the Department of Defense (DoD) final Defense Federal Acquisition Regulation Supplement (DFARS) rule on Network Penetration Reporting and Contracting for Cloud Services, DoD contractors maintaining, processing, or...more
On May 11, President Trump signed his long-awaited Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” Much of the Order mandates efforts to improve the government's own...more
Several media organizations this week published a pre-release copy of the report of the Health Care Industry Cybersecurity Task Force established pursuant to the Cybersecurity Act of 2015. The report, written by a 21-member...more
On February 16, the New York State Department of Financial Services (NYDFS) issued cybersecurity regulations for banks, insurance companies and other financial institutions subject to NYDFS jurisdiction. ...more
On Thursday, December 1, the nonpartisan Commission on Enhancing National Cybersecurity, established pursuant to an Executive Order in February, issued its report, outlining more than 50 recommendations for the next...more
The Standing Committee of China's National People's Congress (NPC) adopted the country's Cybersecurity Law1 on November 7—the latest in a spate of national security-related measures targeting the ICT industry. Drafts of the...more
On October 21, 2016, the Department of Defense (DoD) issued its final rule on Network Penetration Reporting and Contracting for Cloud Services, amending an interim version issued on August 26, 2015, and revised on December...more
Yesterday, the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (Fed), and the Federal Deposit Insurance Corporation (FDIC) issued a joint advanced notice of proposed rulemaking (ANPRM) seeking...more