Chapter 17 Legal and Compliance
American Bar Association Cybersecurity Legal Task Force Harvey Rishikof, Chair, Advisory Committee to the Standing Committee on Law and National Security, USA Conor Sullivan, Law Clerk for the Standing Committee on National Security, USA
Lawyers. Tom reluctantly swiveled away from his workstation to face the creatures before him. There sat two of the breed, ties drawn tight around their necks and dark suits set in stark contrast to the beige office. His general counsel Alain, spoke first: “Tom, I know you asked our office to advise you today about what legal and compliance capability we can bring to bear for cybersecurity, so I brought with me one of our staff attorneys who’s had prior experience with cyber. As you know, lawyers are like wolves; we never travel alone. We actually have several worrisome conclusions which we think you really should consider.”
It is beneficial to spend some time understanding the legal paradigms that drive cyber law today. For our purposes, it is worth examining the legal frameworks in the two places modern organizations are perhaps the most likely to do business subject to cyber regulations: the European Union and the United States. Before doing so, let us overview how the regulatory dots are connected as in Table 17.1.
Table 17.1 Connecting the Regulatory Dots
WHAT to Protect | WHY Protect It | Protect from WHOM | Protected by WHOM | Typical Methods |
Personal data of employees and customers | Human rights/regulatory ... |
Get The Cyber Risk Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.