The legal issues regarding data security get more complicated when you consider that 47 states currently require relatively swift investigation and reporting to individuals when a cyberintrusion is detected. It is pretty obvious that the lawyers representing companies need to understand these state reporting requirements. Congress is considering a federal law to create uniformity.
Hardly a day goes by without a headline about a cyberintrusion. No entity is immune — international retailers, airlines, hotels, mom and pop stores, cloud providers — even the U.S. government. However, it seems that few businesses contemplate how important it is for their attorney to know and understand cybersecurity, as well as know what to do when a cyberintrusion occurs.
The U.S. government — itself a cybervictim — provides the guidance we have been waiting for. The Cybersecurity Unit, part of the Computer Crime & Intellectual Property Section (CCIPS) within the Department of Justice Criminal Division, earlier this year issued its Best Practices for Victim Response and Reporting of Cyber Incidents.
Related Insights
January 8, 2026
Manufacturing Industry Advisor
CPSC Enforcement Under a Reorganized DOJ
On December 22, 2025, the U.S. Department of Justice (DOJ), in coordination with the U.S. Consumer Product Safety Commission (CPSC),…
January 8, 2026
Ex Parte PTAB Decisions Rein In Obviousness-Type Double Patenting Rejections
January 6, 2026
Foley Viewpoints
Shifting Enforcement Priorities at the CFTC and the SEC
Under the new administration, priorities have shifted at the Commodity Futures Trading Commission and the Securities and Exchange Commission, particularly with the enforcement divisions at both agencies — which had faced widespread internal and external criticism. Both the CFTC and SEC are undergoing structural changes as a shift away from regulation through enforcement. This article discusses these developments in detail.