“Regulationpalooza.” Readers offer their key takeaways from ACI event

Kenneth Mendelson CISSP, CIPP, CISA, PCIP April 18, 2024

At a recent fireside chat regarding the new U.S. sensitive data Executive Order and proposed rule, the discussion centered on case-based authorities vs. transaction-based authorities, and how the ANPRM looks at “classes of transactions” with a foreign adversary that pose substantial risk. Ken Mendelson provided FIW with his key takeaway from the event. He said, “This is new ‘categorical authority’ approach that will be a challenge for many to understand, and that a key takeaway is that the proposed rule is driven by national security, not data privacy. Many will find that confusing, especially due to the renewed emphasis on federal privacy legislation.”

Read Here


Ken Mendelson in a suit and tie smiling for a professional photograph

Kenneth Mendelson CISSP, CIPP, CISA, PCIP

Senior Managing Director

Ken Mendelson has spent more than 30 years at the intersection of law, information technology and public policy. As a member of the National Security Practice, Ken manages governance, risk and compliance projects and investigations, and conducts monitorships and third-party audits in connection with mitigation agreements enforced by the Committee on Foreign Investment in the United States (CFIUS). In addition, he assists established and emerging companies with implementing and maintaining cybersecurity and privacy programs by developing cybersecurity policies, procedures and guidelines, and conducting risk-based cybersecurity assessments.