In recent years, plaintiff class action lawyers have shifted their focus in cybersecurity cases from pleading federal claims to asserting claims under state law on behalf of residents of all 50 states. However, this potentially raises class certification issues that make these claims difficult for plaintiffs to succeed on. How should one prosecute them? How should one defend them? How could one plead and prove that the plaintiffs were injured because of the breach?
Under the right circumstances, the SAFETY Act has the potential to become a new gold standard for companies that qualify for its protection and want to establish themselves as leaders in cybersecurity, both with respect to internal risk mitigation and with a view toward ensuring robust protection of customer or client data.
The profound changes deriving from IT/OT convergence require us to take a fresh look at legal and regulatory norms that have stood for decades since the Industrial Era. We are in a radical new environment where exponential benefits and risks are now reality.
The draft Guidelines seek to clarify questions raised since the passage of the GDPR about its extra-territorial reach, and they confirm that the GDPR’s intended reach is well beyond the geographic confines of the European Union.
In this article, the authors explore three important aspects of in-house counsel’s duties related to cybersecurity incident preparation and response: (1) providing advice regarding the company’s legal and regulatory obligations, especially with respect to breach notification; (2) engaging and coordinating external resources, including outside counsel and consultants; and (3) coordinating and managing internal and external communications.