Recent comments by Anne Neuberger, President Biden’s Deputy National Security Adviser for Cyber and Emerging Technology, herald an important shift in U.S. cybersecurity policy. Traditionally, the U.S. Government’s approach has mostly focused on requiring companies to notify regulators and affected individuals of security breaches that implicate specific types of information, such as personally identifiable information, protected health information, and financial information. Federal efforts to prescribe or enforce proactive security measures have been sector-specific, such as the Transportation Security Administration’s Security Directives covering rail and pipeline owners and operators. Those measures have been spread among sector-specific agencies, which has resulted in multiple, and sometimes conflicting or confusing, requirements applying to some businesses. Federal law enforcement agencies have also made targeted and novel use of criminal search authorities to proactively remediate privately owned machines infected with malware by Russian and China-based actors.

Read the full blog post here on Perkins on Privacy.