Cyber Security, Data Governance, & Privacy
Senators Introduce Bipartisan Patent Bill
On September 29, 2021, Senator Patrick Leahy (D-Vt.) and Senator John Cornyn (R-Texas) introduced the Restoring the America Invents Act, which would change the proceedings of the U.S. Patent and Trademark Office's patent tribunal.
New York Privacy Act Is Reintroduced
On January 5, 2022, the Assembly Bill ('AB') A680A for the New York Privacy Act (the ‘Act’) was reintroduced following its original introduction in 2021 that resulted in insufficient process. According to a statement by Speaker Carl E. Heastie, the Act is intended to “help New Yorkers regain their privacy.”
NCUA Releases Automated Cybersecurity Evaluation Toolbox
On December 15, 2021, the National Credit Union Administration (NCUA) announced the release of the Automated Cybersecurity Evaluation Toolbox (Toolbox) application as available for download by federally insured credit unions.
Policy Holders Should Expect Cyber-Coverage Hurdles in 2022
Throughout this cybersecurity series, Kennedy Sutherland has provided our clients with information regarding the increase in cyber-attacks and incidents in the past year. According to many sources, these incidents may result in “hurdles” for an organization seeking cyber insurance policies or coverage.
NIST Releases Concept Paper Analyzing AI Risk Management Framework
On December 14, 2021, the National Institute of Standards and Technology ("NIST") released a concept paper addressing the Artificial Intelligence Risk Management Framework (AI RMF), incorporating comments and ideas from a NIST Request for Information and a workshop on the issue held in October 2021.
NIST Issues Blog on Protecting Privacy with Machine Learning
On December 21, 2021, the National Institute of Standards and Technology ("NIST") released a blog post outlining how organizations should maintain consumer or customer information when employing machine learning to initiate the organization’s services.
FTC Publishes Statement Prioritizing Privacy and Data Governance Rulemaking
On December 10, 2021, the Federal Trade Commission ("FTC") published its Statement of Regulatory Priorities, which announced the FTC's intent to establish rulemakings on a myriad of data governance issues, such as unfair methods-of-competition stemming from surveillance-based business models and privacy.
New York Agencies Issue Multi-Factor Authentication Guidance to Regulated Agencies
On December 7, 2021, the New York Department of Financial Services ("NYDFS") issued guidance on weaknesses associated with multi-factor authentication ("MFA") to assist entities in establishing effective cybersecurity policies and programs.
White House Launches New Initiative to Innovate Technologies on a World-Wide Basis
On December 8, 2021, the White House Office of Science and Technology issued a statement launching a new initiative: International Grand Challenges on Democracy-Affirming Technologies. Among the actions that will be taken in pursuit thereof is a partnership between the U.S. and the U.K. to “collaborate on bilateral innovation prize challenges focused on advancing privacy-enhancing technologies (PETs).”
DC AG Introduces “Landmark Legislation” to Issue Protections Against Discriminatory Algorithms
On December 9, 2021, Attorney General of the District of Columbia, Karl A. Racine, announced the introduction of “landmark legislation” intended to “prohibit companies and institutions from using algorithms that produce biased or discriminatory results.”
FINRA Issues Multi-Million Dollar Fine After Consumer Recordkeeping Violations
On December 7, 2021, the Financial Industry Regulatory Authority (FINRA) fined Wells Fargo $2.25 million for violating the requirement to store consumer information in the “tamper-proof” "WORM" format for a period of over 13 years.
U.S. GAO Recommends Urgent Need For Federal Agencies to Increase Cybersecurity Infrastructure
On December 2, 2021, the United States Government Accountability Office (GAO) released a report evaluating the federal government's cybersecurity infrastructure and recommending changes to be implemented by the agency.
OCC Releases Fall Report on Cybersecurity Elevated Risks
On December 6, 2021, the Office of the Comptroller of the Currency released its Semiannual Risk Perspective for Fall 2021, which outlined the elevated operational risk associated with the recently increased occurrence of cyberattacks, the impact of the COVID-19 virus, and other compliance hurdles.
Federal Agencies Warn of Ransomware Attacks During Holiday Season
On November 22, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a reminder to critical infrastructure organizations that they should “stay vigilant” against the increased risk of cyber-attacks during the holiday season.
NIST Requests Comment on Software Cybersecurity White Paper
On November 1, 2021, the National Institute of Standards and Technology (NIST) published its initial draft of this standard in a white paper titled “DRAFT Baseline Criteria for Consumer Software Cybersecurity Labeling.” NIST has requested public comments on this white paper before December 16, 2021.
EPIC & U.S. Chamber of Commerce Release Comments on FTC Draft Strategic Plan
Comments have been submitted in response to the Federal Trade Commission (FTC)’s Draft Strategic Plan for Fiscal Year 2022-2026 by the Electronic Privacy Information Center (EPIC) and the U.S. Chamber of Commerce.
Commerce Department Addresses the Intersection of Privacy, Equity, and Civil Rights
On November 30, 2021, the National Telecommunications and Information Administration (NTIA), a branch of the Commerce Department, released a notice that they will hold three virtual Listening Sessions about “issues and potential solutions at the intersection of privacy, equity, and civil rights.”
The House Passes Three Bipartisan Cybersecurity Bills
On December 2, 2021, the House of Representatives passed three bipartisan cybersecurity bills intended to improve network security and cyber literacy in the United States: the Understanding Cybersecurity of Mobile Networks Act (H.R. 2685); the Future Uses of Technology Upholding Reliable and Enhanced (FUTURE) Networks Act (H.R. 4045); and the American Cybersecurity Literacy Act (H.R. 4055).
COR Issues Supplemental Memo on Ransom Attacks on Large U.S. Companies
On November 16, 2021, the Committee on Oversight and Reform (COR) issued its Supplemental Memo on Committee’s Investigation into Ransomware, detailing recent high-profile ransomware attacks on large companies. The objective of the supplemental memo was to provide insight into legislative and policy responses that may be developed to combat future threats of similar attacks.
With the Passage of the Infrastructure Bill Comes New Cybersecurity-Related Implications
On November 15, 2021, President Biden signed into law the Infrastructure Investment and Jobs Act. Included in this Act will be the issuance of critical funding for cybersecurity infrastructure primarily through state and local resources.