On September 28, 2021, Senators Gary Peters and Rob Portman, respectively Chairman and Ranking Member of the Homeland Security and Government Affairs Committee, introduced a bipartisan bill that would require owners and operators of critical infrastructure to notify the Director of the Cybersecurity and Infrastructure Security Agency within 72 hours of having a reasonable belief that a covered cyber incident has occurred.
Continue Reading U.S. Senators Introduce Bipartisan Bill on Reporting Critical Infrastructure Cyber Incidents and Ransomware Payments

On September 14, 2021, the U.S. House Committee on Energy and Commerce voted in favor of a legislative recommendation that would create a new FTC privacy bureau as part of the proposed $3.5 trillion federal budget reconciliation package.
Continue Reading U.S. House Committee Votes to Create New FTC Privacy Bureau and Appropriate $1 Billion to the Agency

On June 17, 2021, Senator Kirsten Gillibrand (D-NY) announced the reintroduction of the Data Protection Act of 2021, which would create an independent federal agency, the Data Protection Agency, to “regulate high-risk data practices and the collection, processing, and sharing of personal data.”
Continue Reading Senator Gillibrand Announces Renewed Data Protection Act 2021

As reported on Hunton’s Retail Law Blog, on April 22, 2021, the U.S. Supreme Court unanimously held in a highly-anticipated case, AMG Capital Management, LLC v. FTC, that the Federal Trade Commission cannot seek or obtain equitable monetary relief pursuant to §13(b) of the FTC Act, putting an end to the use of §13(b) as a significant enforcement tool.
Continue Reading Supreme Court Rules FTC Cannot Rely on “Injunction” Provision to Obtain Equitable Monetary Relief

The Biden administration announced it intends to nominate Chris Inglis, a former Deputy Director of the National Security Agency, to be the first U.S. National Cyber Director, subject to Senate confirmation. The newly-established position, which will serve as the President’s principal cybersecurity policy and strategy advisor, and the Office of the National Cyber Director were created under the National Defense Authorization Act for Fiscal Year 2021, which became law on January 1, 2021.
Continue Reading White House to Nominate First National Cyber Director

As we previously reported, significant data privacy bills, titled the Consumer Data Protection Act, are working their way through the Virginia legislature. If enacted, Virginia would be the second state to enact major data privacy legislation of general applicability.
Continue Reading Virginia Moves Closer to Be the Second State to Enact Major Privacy Legislation