Database

There is no federal security breach notification law, but 47 states and the District of Columbia, Puerto Rico and the US Virgin Islands have enacted security breach notification laws. These laws typically require to disclose any breach of the system security to all residents whose unencrypted personal information was acquired by an unauthorised person and may also require notification to state Attorneys General.

It is reported that foreign communications infrastructure providers have been asked to sign Network Security Agreements (NSAs) in order to operate in the US. These agreements ensure that U.S. government agencies have the ability to access communications data when legally requested.

The agreements reported range in date from 1999 to 2011 and involve a rotating group of government agencies including the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), Department of Justice (DoJ), Department of Defense (DoD) and sometimes the Department of the Treasury.

According to the Washington Post, the agreements require companies to maintain what amounts to an “internal corporate cell of American citizens with government clearances” ensuring that “when U.S. government agencies seek access to the massive amounts of data flowing through their networks, the companies have systems in place to provide it securely.”

Moreover, the agreements impose local storage requirements for certain customers data as well as minimum periods of data retention for data such as billing records and access logs.

While in the United States there is no national law on data privacy, the state of California has passed in 2018 a privacy law that will apply to all firms established in the state. California's Consumer Privacy Act of 2018 demands that firms give consumers the opportunity to learn the categories of personal information that they collect, sell, or disclose about them, and to whom information is sold or disclosed. The Act also gives consumers right to prevent businesses from selling or disclosing their personal information. Individuals must therefore be informed that their information may be sold, and that they have a "right to opt out."

There are few limits on the transfer of personal data outside the US. Several states have enacted laws that limit or discourage state agencies or state contractors from outsourcing data processing beyond US borders, but these laws are typically limited to state government agencies and private companies that contract to perform services for or provide goods to state agencies.

It is reported that foreign communications infrastructure providers have been asked to sign Network Security Agreements (NSAs) in order to operate in the US. These agreements ensure that U.S. government agencies have the ability to access communications data when legally requested.

The agreements reported range in date from 1999 to 2011 and involve a rotating group of government agencies including the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), Department of Justice (DoJ), Department of Defense (DoD) and sometimes the Department of the Treasury.

According to the Washington Post, the agreements require companies to maintain what amounts to an “internal corporate cell of American citizens with government clearances” ensuring that “when U.S. government agencies seek access to the massive amounts of data flowing through their networks, the companies have systems in place to provide it securely.”

Moreover, the agreements impose local storage requirements for certain customers data as well as minimum periods of data retention for data such as billing records and access logs.

U.S. Citizenship and Immigration Services (USCIS) temporarily suspended in April 2017 premium processing for all H-1B petitions. This suspension may last up to six months. According to USCIS data, the principal recipient countries of these visas are Canada, China, India, Japan, Korea, Mexico, the Philippines, and the United Kingdom. In July 2017, the USCIS resumed premium processing for petitioners from certain instituttions.

For contractual services suppliers (CSS), a visa is issued if there are not sufficient workers who are able, willing, qualified and available at the time of application. Depending on the circumstances of the service and service provider, and on how contractual services suppliers is to be defined, visa categories which are not subject to a needs test may be applicable.

For independent service supplier (ISS) there is a quota of 65,000. Quotas do not apply to individuals employed at an institution of higher learning or a related or affiliated nonprofit entity. For individuals who have earned a master's or higher degree from a US higher education institution, there are quotas up to a maximum of 20,000 individuals. For contractual service providers (CSS), quotas depends on the visa requirement and the service that is provided.

It is reported that foreign communications infrastructure providers have been asked to sign Network Security Agreements (NSAs) in order to operate in the US. These agreements ensure that U.S. government agencies have the ability to access communications data when legally requested.

The agreements reported range in date from 1999 to 2011 and involve a rotating group of government agencies including the Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), Department of Justice (DoJ), Department of Defense (DoD) and sometimes the Department of the Treasury.

According to the Washington Post, the agreements require companies to maintain what amounts to an “internal corporate cell of American citizens with government clearances” ensuring that “when U.S. government agencies seek access to the massive amounts of data flowing through their networks, the companies have systems in place to provide it securely.”

Moreover, the agreements impose local storage requirements for certain customers data as well as minimum periods of data retention for data such as billing records and access logs.

Foreign and domestic communications service suppliers have reported that dominant US telecom carriers charge high fees for wholesale access. In fact, according to a 2013 communication of the International Telecommunications Users Group, over 90% of last mile business access services in the US is controlled by incumbents, who enjoy profit margins of 60-170% - compared to the US regulator’s last authorized rate of return of just 11.25%. This is reported as a significant restriction for new entrants and prevents effective competition.

US telecommunications market is deregulated and competition rules apply. Nonetheless, in a 2015 submission to the Federal Communications Commission (FCC), the International Telecommunications Users Group has stated that over 90% of last mile business access services in the US continues to be controlled by a few incumbents.

Section 107 of Copyright Act provides that fair use for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship and research is not an infringement of copyright.

The US International Trade Commission (ITC) concluded that Samsung infringes two Apple patents.
Additionally, Motorola handsets with problematic calendar app designs were blocked from the US market.

The ITC also issued an exclusion order against Apple based on a FRAND-committed patent from Samsung. This decision was subsequently overturned shortly thereafter by the White House through its US Trade Representative (USTR).

In September 2015, an appeals court granted Apple an injunction following its 2012 patent victory over Samsung saying that the “public interest strongly favors an injunction” on the use of certain phone features. If Samsung does not win an appeal, it may have to tweak the software even in recent devices such as its latest Galaxy S6.

There are several restrictions which can apply on cross-border mergers and acquisitions that are above general restrictions for competition reasons.

Section 310(a) of the Communications Act of 1934 states that a foreign government or representative may not directly hold a spectrum license.

Section 310(b)(1) and (2) state that foreign individuals and business entities may not directly hold any common carrier, broadcast or aeronautical fixed on en route licenses. Under 310(b)(3), a foreign entity is limited to a 20% ownership interest in any common carrier, broadcast or aeronautical fixed on en route licenses. Pursuant to section 310(b)(4), a foreign entity is limited to a 25% ownership interest in a US corporation that controls any common carrier, broadcast or aeronautical fixed on en route license.

The Federal Communications Commission has the discretion to allow foreign ownership in excess of 25% unless such ownership is inconsistent with the public interest.

Furthermore, CFIUS can block an acquisition based on national security considerations. An instance of this is the failed acquisition of MoneyGram by the Chinese Ant Financial. In this case, opposition to the deal stemmed from fears associated with giving a Chinese company with government ties access to U.S. consumers' financial data.

Foreign investments are subject to approval unless contrary to national interest. The review of the Committee on Foreign Investment on National Security considerations applies to controlling investments in US businesses (it does not apply to Greenfield investments). Additionally, the Committee on Foreign Investment in the United States (CFIUS) seeks to identify and address any national security risk that arises as a result of a covered transaction and can request that the President determines whether to suspend or prohibit a covered transaction or take other action.

The list of factors for consideration by CFIUS are:
- potential effects of the transaction on the domestic production needed for projected national defense requirements;
- potential effects of the transaction on the capability and capacity of domestic industries to meet national defense requirements;
- potential effects of the transaction on U.S. international technological leadership in areas affecting U.S. national security;
- potential national security related effects on U.S. critical technologies;
- potential national security related effects of the transaction on U.S. critical infrastructure, among others.

Acquisitions blocked or delayed by CFIUS on national security grounds include the following cases:
1. In 2008, Bain Capital and Huawei Technologies withdrew their offer to acquire the network and software firm 3Com, due to the inability to successfully negotiate a mitigation agreement with CFIUS members.
2. The acquisition of Sprint Nextel by the Japanese firm SoftBank was opposed to, given the former relied on Huawei for equipment and cell tower base stations. SoftBank agreed to remove Huawei as a supplier when the acquisition was completed.
3. In 2011, some Members of the US Congress requested the Obama Administration to support a recommendation by CFIUS to block a proposed acquisition of 3Leaf Systems by Huawei Technologies over national security concerns. Given this backdrop, Huawei discontinued its efforts to acquire the firm.
4. in 2018, following a review by the CFIUS, President Trump signed an order blocking the acquisition of Broadcom by Qualcomm, citing national security concerns.
5. Following recommendation from CFIUS, the President of the US blocked the USD 1.3bn acquisition of Lattice. a US semiconductor company, by investors including a state-backed Chinese investment fund on grounds of national security.

Additionally, in January 2018, it was reported that AT&T cancelled a planned partnership with Huawei based on security concerns expressed by regular, such as a letter sent by the Federal Communications Commission.