The increasing frequency and sophistication of cyberattacks, along with the growing concern of consumer data exploitation by businesses, has prompted the introduction of several regulatory frameworks aimed at enhancing cybersecurity and privacy protections. Yet, in the absence of comprehensive federal laws, regulators’ still growing technical knowledge, and evolving but sometimes conflicting privacy and cybersecurity principles, the resulting regulatory framework can be challenging for businesses and their counsel to decipher. Moreover, the rapid pace of technological innovation and the evolving nature of cyber threats makes it difficult for regulators to keep up and introduce regulations that remain relevant and effective, resulting in regular updates for affected parties to keep up with. While there are efforts underway to introduce more comprehensive and unified cybersecurity and privacy regulations, today this regulatory landscape is led by a few key bodies and their policies. This course provides an overview for organizations and their counsel of the Federal Trade Commission’s privacy and security rulemaking, the New York Department of Financial Services cybersecurity regulation, and the California Consumer Privacy Act.
- Attorneys advising businesses will find this review of the key requirements that businesses face and must keep up to date a guiding tool for navigating the complex patchwork of regulations, understanding regulatory priorities, and assessing jurisdictional or industry-specific requirements for their clients.