ResourceCenter

All the tools and information you need in one easy-to-find place

Cybersecurity Law

Cybersecurity Law

TOPIC PAGE

Navigate by Topic

Featured resources
Cybersecurity and privacy intersections
Breach notification and incident reporting
Breach litigation and private right of action
Federal & state cybersecurity statutes

Enforcement of cybersecurity practices
Ransomware
Product liability
Evolution of the “reasonable” security standard

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to cybersecurity law.

Cybersecurity Law Center
With cybersecurity law and policy becoming a distinct discipline integral to organizations’ legal compliance, data governance and risk mitigation strategies, the IAPP presents the Cybersecurity Law Center to address the need for deeper understanding and wider engagement. The Cybersecurity Law Center provides networking, education, resources and workshop opportunities for lawyers and nonlawyers alike.
View here

Featured Resources

Back to top

BOOK

Cybersecurity Law Fundamentals

“Cybersecurity Law Fundamentals” serves cybersecurity practitioners looking for a refresher and also guiding generalists and newcomers to the field.
Read More

Top trends in cybersecurity

This episode discusses the top trends in cybersecurity law and policy with data security experts James Dempsey and John Carlin.
Read More

Major trends in US cybersecurity law and policy

This article discusses the onslaught of recent U.S. laws, regulations, class-action lawsuits and enforcement actions.
Read More

Back to top

Cybersecurity and privacy intersections

US increasing efforts toward cyber regulatory harmonization

Highway to the regulation zone: The Intersection of cyber and privacy

WEB CONFERENCE

From silo to synergy between cybersecurity and privacy

WEB CONFERENCE

Back to top

Breach notification and incident reporting

Incident and Breach Management

Adverse event reporting and preparing for the next wave of privacy litigation

AI incident response plans: Not just for security anymore

SEC adopts rules to update cybersecurity incident reporting

ANPD publishes new security incident reporting form

Reporting cyber incident requirements in some Latin American jurisdictions

FTC signals expanded breach notice obligations

Is the EDPB’s ‘targeted update’ to data breach reporting guidance a ‘mini-budget’ moment for GDPR regulation?

Cyber Incident Reporting Simplified with Privacy Best Practices

WEB CONFERENCE

An inside look at law enforcement response to cyberattacks

What the world of sports teaches us about incident preparedness and response

Future-Proof Compliance with Breach Notification Regulations

WEB CONFERENCE

State Data Breach Notification Chart

TOOL

Comparing EU regulatory norms with incident reporting obligations

How to evaluate your privacy-incident response program

How to operate under Canada’s new breach notification landscape

How to accelerate breach-notification timeframes

Benchmarking for GDPR: How often are orgs reporting data breaches to authorities and subjects?

72 hours and counting: Do’s and don’ts of incident response

How often do notification exceptions apply? We look to the data

Some Privacy Practices May Result in Under-Reporting of Breach Incidents

WHITE PAPER

Benchmarking your Privacy Incident Management Program – Article Series

ARTICLE SERIES

Back to top

Breach litigation and private right of action

Private Rights of Action in US Privacy Legislation

RESOURCE ARTICLE

Enacted Federal Statutes with PRA

Reporting cyber incident requirements in some Latin American jurisdictions

Third circuit shows how to establish standing in data breach cases

US courts mixed on letting data breach suits go forward

Data Breach: Mitigating Risks in an Ever-Changing Landscape

CCPA litigation: Shaping the contours of the private right of action

Encryption’s impact on potential liability under CCPA

Back to top

Federal and state cybersecurity statutes

Enacted Federal Statutes with PRA

US Federal Privacy Legislation Tracker

TOOL

Pursuit of app-iness: the legal considerations of SDKs

Major trends in US cybersecurity law and policy

Florida bill introduces data breach immunity for entities meeting industry cybersecurity standards

Lions and tigers and bears, oh my! Global legal risks in cybersecurity investigations

Back to top

Enforcement of cybersecurity practices

Enforcement

Cybersecurity and the cloud: Lessons from FCC cloud breach enforcement

Biased AI systems face the music: Analyzing the FTC’s Rite Aid enforcement

California privacy agency lays out vision for cybersecurity regulation

Managing Data Breach Liability & Exposure

WEB CONFERENCE

State Attorneys General on privacy, cybersecurity, enforcement and legislation

ARTICLE SERIES

FTC Cases and Proceedings

Keynote: Lina Khan, Chair of the Federal Trade Commission (IAPP Global Privacy Summit 2022)

Hidden privacy lessons in the FTC’s CafePress security enforcement

FTC Chair Lina Khan opens up on tech enforcement

Mass. attorney general stands up Data Privacy, Security Division

FTC-Facebook vs. largest global privacy and security fines

INFOGRAPHIC

IAPP Guide to FTC Privacy Enforcement

WHITE PAPER

Back to top

Ransomware

Takeaways from Ohio court ruling on ransomware and insurance exclusions

Ransomware: 5 critical tips for organizations

Ransomware, data protection and compliance

Amid a global pandemic, ransomware increasingly targets hospitals

Back to top

Product liability

Third-party liability and product liability for AI systems

UK product security obligations and liability

Liability for software insecurity: Striking the right balance

Back to top

Evolution of the “reasonable” security standard

Third-party liability and product liability for AI systems

UK product security obligations and liability

Liability for software insecurity: Striking the right balance

Back to top