Photo of Jordan Mallory

Jordan Mallory is an associate in the Governmental Practice in the firm's Washington, D.C. office.

 

On June 28, 2024, in a landmark decision, the Supreme Court overruled the four decade old case Chevron v. Natural Resources Defense Council. This pivotal decision should spur businesses to recalibrate their existing relationship with federal agencies. Indeed, we have already seen industry groups begin to use the overruling to influence agency rulemaking, signaling a future of significant shifts in the regulatory landscape. For those operating in regulated industries—including government contractors, and particularly those navigating the complex world of cybersecurity regulation—understanding the implications of the decision is crucial.Continue Reading Navigating the New Cybersecurity Regulatory Landscape Post-Chevron

For companies in the U.S. that hold certain personal data and U.S. Government-related data, rules stemming from recent Executive Order (“EO”) 14117 on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” may create obstacles and new compliance obligations. Under this EO, the Attorney General is charged with issuing regulations to either outright prohibit or impose restrictions on transactions involving bulk sensitive personal data or U.S. Government-related data when such transactions involve a “country of concern.”Continue Reading Data, Deals, and Diplomacy: How the Bulk Data Executive Order Will Shape Future Contracts and Security Practices

To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the past year) and 2024 Forecast (that previews what we expect to see in 2024). This Recap & Forecast covers the following five high-interest topic areas related to cybersecurity and data protection:Continue Reading Governmental Practice Cybersecurity and Data Protection, 2023 Recap & 2024 Forecast Alert

Well, the wait is over. Just as 2023 came to a close, on December 26, 2023, the Department of Defense (“DoD”) published the much-anticipated Proposed Rule for the DoD’s Cybersecurity Maturity Model Certification (“CMMC”) program (the “Proposed Rule”). It has been just over two years since “CMMC 2.0” was announced in November 2021 (which we previously discussed here). And while there is nothing particularly surprising in the Proposed Rule, there certainly are several notable additions and clarifications. Below we outline the key portions of the Proposed Rule that will be of particular importance to defense contractors.Continue Reading New Year, New Rules: The CMMC Proposed Rule is Here