According to two sources familiar with the FTC's plans, the rules will emphasize data security and data minimization, or the idea that companies should only collect the data they need to conduct business with consumers and delete it when concluded.

The U.S. Chamber of Commerce and multiple industry leaders are calling for a month-long extension of the 60-day comment period for a new incident reporting rule being issued by the top cybersecurity agency in the U.S.

The Cybersecurity and Infrastructure Security Agency (CISA) posted the 447-page set of regulations under the Cyber Incident Reporting for Critical Infrastructure Act to the Federal Register, allowing the public to comment on it.

The Department of Transportation (DOT) will review data collection practices for the country's 10 largest airlines in a bid to improve passenger privacy protections, Secretary Pete Buttigieg said on Thursday.

The updated guidance replaces prior guidance that HHS OCR issued in December 2022 which warned that the use of online trackers that collect and transmit certain individually identifiable health information, constituted potential HIPAA violations.

Three months since the launch of the Securities and Exchange Commission’s cyber incident reporting rule, companies are grappling with the question of when the impact of a breach or attack is considered material.

The new FCC rules not only mandate reporting to the FCC and law enforcement agencies but also require carriers to promptly inform customers about the breach and the potential risk to their personal information.

The FCC intends for the label to apply to a range of products, including home security cameras, internet-connected appliances, fitness trackers, garage door openers, baby monitors, and voice-activated devices.

The House Energy and Commerce Committee approved two significant data privacy bills, including one targeting TikTok's Chinese ownership and another blocking data brokers from selling Americans' data to foreign adversaries.

The regulations will establish an EU-wide cybersecurity alert system and a cybersecurity emergency mechanism to support preparedness, financial assistance, and a cybersecurity reserve for large-scale incidents.