Increasingly, c-suite executives and board members have questions about their companies' cybersecurity practices — or lack thereof. This monthly series is intended to provide high-level answers to some of those questions, specifically focusing on the development of cybersecurity policies, incident-response plans, liability of board members and executives for data breaches and the attorney-client privilege for cybersecurity investigations. Part five of this exclusive series for The Privacy Advisor explained the patchwork of state laws that require companies to notify consumers and state regulators of certain data breaches. In part six, Jeffrey Kosseff, CIPP/US, describes the Securities and Exchange Commission’s rules for reporting cybersecurity incidents.
Full Story
Comments
If you want to comment on this post, you need to login.