The legal issues regarding data security get more complicated when you consider that 47 states currently require relatively swift investigation and reporting to individuals when a cyberintrusion is detected. It is pretty obvious that the lawyers representing companies need to understand these state reporting requirements. Congress is considering a federal law to create uniformity.
Hardly a day goes by without a headline about a cyberintrusion. No entity is immune — international retailers, airlines, hotels, mom and pop stores, cloud providers — even the U.S. government. However, it seems that few businesses contemplate how important it is for their attorney to know and understand cybersecurity, as well as know what to do when a cyberintrusion occurs.
The U.S. government — itself a cybervictim — provides the guidance we have been waiting for. The Cybersecurity Unit, part of the Computer Crime & Intellectual Property Section (CCIPS) within the Department of Justice Criminal Division, earlier this year issued its Best Practices for Victim Response and Reporting of Cyber Incidents.