The legal issues regarding data security get more complicated when you consider that 47 states currently require relatively swift investigation and reporting to individuals when a cyberintrusion is detected. It is pretty obvious that the lawyers representing companies need to understand these state reporting requirements. Congress is considering a federal law to create uniformity.
Hardly a day goes by without a headline about a cyberintrusion. No entity is immune — international retailers, airlines, hotels, mom and pop stores, cloud providers — even the U.S. government. However, it seems that few businesses contemplate how important it is for their attorney to know and understand cybersecurity, as well as know what to do when a cyberintrusion occurs.
The U.S. government — itself a cybervictim — provides the guidance we have been waiting for. The Cybersecurity Unit, part of the Computer Crime & Intellectual Property Section (CCIPS) within the Department of Justice Criminal Division, earlier this year issued its Best Practices for Victim Response and Reporting of Cyber Incidents.
Related Insights
January 9, 2026
Foley Viewpoints
New York Further Amends CPLR §2106, Broadening and Clarifying the Use of Affirmations in Lieu of Affidavits and Other Sworn Statements
The evolution of Section 2106 from a narrow, procedural shortcut into a comprehensive substitute for affidavits, verifications, and other sworn statements marks a significant modernization and streamlining of New York practice, with this new amendment reflecting the legislature’s intent to align more with federal practice while preserving New York’s own unique statutory requirements.
January 9, 2026
Labor & Employment Law Perspectives
Navigating Workplace AI When Federal, State Policies Clash
January 9, 2026
Foley Viewpoints