CHAPTER 6 Legal and Regulatory Considerations in Cyber Breach Response

Laws and regulations affect how organizations conduct cyber breach investigations. In many jurisdictions, cyberattacks are considered criminal acts. Cyber hacking can also lead to legal exposure and civil litigation for victim organizations. For this reason, it is vitally important to include legal and regulatory considerations in building a cyber breach response program. The appropriate handling of digital evidence and data privacy is a crucial consideration in this process.

This chapter discusses, from a high-level perspective, the legal and regulatory considerations that organizations need to take into account when building a cyber breach response program. Although this chapter primarily uses the U.S. legal system to provide examples, most of the concepts are applicable under other legal regimes and in jurisdictions outside the United States. Consequently, leaders and other stakeholders responsible for incident response in their organizations must consult with their legal counsel to establish appropriate requirements for their jurisdictions.

Keep in mind that this chapter, and the entire book, is not a substitute for professional legal guidance or legal advice. I have strived to make the information presented in this chapter accurate and actionable at press time. Furthermore, the information presented constitutes generic guidance, and it may become obsolete over time. Consequently, I do not assume and ...
