Treatise Update! Cybersecurity: A Practical Guide to the Law of Cyber Risk

PLI recently updated Cybersecurity: A Practical Guide to the Law of Cyber Risk.

Among the many developments in this fast-moving field that are reflected in this treatise release are:

  • General Data Protection Regulation: The EU’s new General Data Protection Regulation (GDPR), effective May 2018, applies to most companies that collect personal data from individuals in the EU. The GDPR sets forth requirements for maintaining substantive security safeguards and notifying the supervisory authority and impacted individuals of breaches, and provides for significant financial penalties for noncompliance.
  • OCIE Risk Alert pertaining to broker-dealers: In an August 2017 Risk Alert, the SEC Office of Compliance Inspections and Examinations summarized observations from its second cybersecurity survey of broker-dealers and investment advisers, and noted a number of areas where compliance and oversight merited attention, signaling the issues on which it intends to focus in its yearly examinations.
  • Regulation of cybersecurity in the financial services industry: The discussion in chapter 5, Cybersecurity in Regulated Sections, is expanded to cover additional governmental agencies and industry associations that regulate financial services.
  • Requirements for defense contractors: In September 2017, the Director of the Defense Pricing/Defense Procurement and Acquisition Policy issued guidance that recognizes that NIST Special Publication 800-171 avoids mandating specific solutions and provides latitude to contractors for how they choose to implement security controls and assess their own compliance with cybersecurity requirements. The guidance is notable because it allows small businesses with limited IT or cybersecurity expertise to meet the requirements of the special publication.
  • Cybersecurity of Federal Networks and Critical Infrastructure: President Trump’s Executive Order 13800 directs a broad examination of cybersecurity vulnerabilities at federal agencies; it also reaffirms the Obama administration’s approach to cybersecurity protections for critical infrastructure, seeking to promote the growth and sustainment of the nation’s cybersecurity workforce in the public and private sectors.

The updated treatise is available on PLI PLUS, our online research database. If you’d like to order a print copy, please email or call 877.900.5291.