Lindsey Tonsager, Micaela McMurrough, and Mark Young’s commentary was included in a Law360 article examining the top policy issues in data privacy and cybersecurity that are important to track in 2025.
Lindsey comments on federal government efforts to establish a nationwide standard for how companies handle and share consumers' personal information. Lindsey told Law360 that "even though Republicans will be in control of both the House and Senate, as well as the White House, their margins in Congress remain thin, and it's likely to be hard to find broad alignment on topics that have been perennial blockers, like preemption, private right of action and [Federal Trade Commission (FTC)] rulemaking authority. Never say never, but it's likely to still be an uphill climb." Noting potential actions by the FTC, Lindsey adds that "it's interesting to see how the Republican commissioners have started to lay down markers of how things might be a little bit different in the next administration.”
Micaela discusses possible actions by the Cybersecurity and Infrastructure Security Agency (CISA), which faces an uncertain future under a Trump administration guided by leaders that have expressed doubts about the agency's continued necessity. The agency is slated to soon release final regulations to require vital infrastructure operators to report cyber incidents and ransom payments to the agency. As currently proposed, the rules create "an incredibly broad incident reporting regime that requires very quick turnaround to report incidents" for entities in the critical infrastructure sector," making it a "key rulemaking" to watch in terms of where the government might land on the scope and reach of regulation, she noted.
Commenting on developments in artificial intelligence regulation in the European Union and what companies should be aware of, Mark Young adds that "regulators are in a challenging spot because a lot of training is already being done, and many recognize that it's not practical to require individual-level consent when talking about the vast amount of data required to train AI models. So hopefully we'll keep getting guidance that helps companies and regulators apply the law and work out the rules of the road for lawfully processing this data."
Back
