The Biden administration released its National Cybersecurity Strategy (“Strategy”) on March 2, 2023.1 The Strategy builds on previous policy actions by the Biden administration that sought to strengthen cybersecurity in critical infrastructure and protect personal data, including through regulatory action, government procurement requirements, and an emphasis on software security. The Strategy calls for (1)

Marcus A. Christian
Marcus Christian is a co-leader of the Washington DC Litigation & Dispute Resolution practice and a partner in Mayer Brown's Cybersecurity & Data Privacy practice and White Collar Defense & Compliance group. Since joining Mayer Brown in 2013, Marcus has represented clients in matters involving data security planning, board governance of cybersecurity, cyber fraud, data breach response, and congressional investigations, among others.
Marcus is a recognized leader in cybersecurity. He has been named to Cybersecurity Docket's "Incident Response 30," recognizing 30 of the "best and brightest data breach response lawyers in the business" three times. The publication also noted that those recognized "have established themselves as the 'first call' for companies hit with a cyber attack or other data security incident." Marcus was also named to the Washingtonian’s Top Lawyer list in 2018 and 2019.
UK Cybersecurity and Incident Response – The Outlook for 2023
Following on from our alert in relation to technology, data privacy, cybersecurity and IP legal developments to look out for in 2023, this update outlines some of the potential developments and trends in the UK cyber incident response landscape for 2023.
Increased litigation risk for cyber breach victims – the Information Commissioner’s Office begins naming …
State Privacy Law Roundup: Recent Developments in California and Colorado
There has been a whirlwind of activity over the past year as states enact and implement comprehensive consumer privacy laws. Starting with the passage of the California Consumer Privacy Act (CCPA) in 2018, which became effective in 2020, the US state privacy legal landscape has continued to develop rapidly. New comprehensive privacy frameworks are set…
Webinar: Cyber Spotlight: Ransomware 3.0 War Stories – Triple Extortion, Sanctions Risks, and Best Practices from the Trenches
Ransomware attacks continue to cause serious disruption to organizations and show no signs of slow-down. What starts as a security failure quickly becomes a serious business risk, requiring decision-making at the board level. Our speakers will touch on various legal and technical factors impacting a company’s response to a ransomware attack and provide practical advice…
President Biden Signs Executive Order on U.S. Intelligence Activities to Implement EU-U.S. Data Privacy Framework
On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,1 which is intended to implement U.S. commitments under the Trans-Atlantic Data Privacy Framework (DPF) announced in March 2022. With the new executive order, the Biden administration aims to strengthen the legal foundation for trans-Atlantic…
HIPAA Privacy Concerns Post-Dobbs
The United States Supreme Court recently issued its decision in Dobbs v. Jackson Women’s Health Org., ––– U.S. –––, 2022 WL 2276808 (2022), overturning Roe v. Wade, 410 U.S. 113 (1973), and Planned Parenthood of Southeastern Pennsylvania v. Casey, 505 U.S. 833 (1992). In holding that the U.S. Constitution does not protect…
Happy EOnniversary: One Year of Action Since President Biden’s Cybersecurity Executive Order
Strengthening the nation’s cybersecurity has been a top priority for the Biden administration, as reflected in its collaboration with industry, regulatory actions, and the legislation it has supported in Congress, including the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Executive action has been a key tool in the Biden administration’s cyber policymaking toolkit.…
Filing Instructions Released for New US Bank Incident Reporting Requirement
On March 29, 2022, the US federal banking regulators released instructions on how financial institutions should comply with recently adopted computer-security incident notification requirements.1 These instructions will assist financial institutions in satisfying their obligations under the new requirements once compliance is required on May 1, 2022.
Looking to Invest In or Acquire a Digital Assets Business? Watch Where You Step—Realizing Value and Managing Risk
The upshot, for busy people:
- Realizing value and managing risk in investments and acquisitions of digital assets businesses means understanding several key areas of the target’s business—among them, cybersecurity, data privacy and regulatory positions.
- This is particularly challenging in light of the pace of innovation in these technologies and the intersecting, evolving regulations that apply
…
Cyber Incident Reporting for Critical Infrastructure Act Signed Into US Law as Part of Omnibus Appropriations Legislation
On March 15, 2022, President Biden signed into law the Consolidated Appropriations Act, 2022, H.R. 2471. Division Y of this omnibus appropriations legislation—the Cyber Incident Reporting for Critical Infrastructure Act of 2022—will create significant new rules requiring US critical infrastructure entities to report cybersecurity incidents and ransom payments to the US government. This legislation marks…