Cybersecurity Law Fundamentals

Author: James X. Dempsey, lecturer at the UC Berkeley School of Law and Senior Policy Advisor to the Program on Geopolitics, Technology and Governance at the Stanford Cyber Policy Center.

Almost as swiftly as cybersecurity has emerged as a major corporate and public policy concern, a body of cybersecurity law has developed.

This body of law is not systematic. Like all things digital, it is rapidly evolving. In the U.S., it comprises an often-mismatched set of doctrines: ancient common law concepts of negligence and contract; early 20th century prohibitions of unfair and deceptive trade practices; crimes reminiscent of trespass; legislation; non-binding agency guidelines; regulations; industry standards; national security law; and trade law. It is implemented through criminal prosecutions, regulatory enforcement actions, executive orders, contracts, and civil litigation between private parties. It includes both federal and state elements. The result is a patchwork—worse, a crazy quilt, with substantial gaps, showing signs of wear even as it is being stitched together. 

The purpose of Cybersecurity Law Fundamentals is to give a coherent summary of this incoherent body of law.

The book is both a primer and a reference volume It serves the cybersecurity practitioner looking for a quick refresher or a citation, but also guides generalists and newcomers to the field: the general counsel who needs a basic understanding of the regulatory requirements and legal risk that a company faces; the policymaker interested in understanding the gaps in the law and filling them; the attorney seeking a career transition to a rapidly growing practice area. 

Given how rapidly the field of cybersecurity law is developing, author Jim Dempsey maintains a free website with rapid updates of developments, ensuring that Cybersecurity Law Fundamentals will not become outdated.

(IAPP 2021, ISBN 978-1-948771-53-5, pages: 576, softcover)