Emerging Markets Law

DOJ Issues Guidance on Cybersecurity

Showing an increased level of concern for coordination between industry and the public, the U.S. Department of Justice ("DOJ") has issued guidance on cybersecurity risks and the steps that industry and consumers should take to prepare for cybersecurity threats.

The DOJ guidance on cybersecurity is very basic.  The guidance is roughly 15 pages long and suggests that businesses familiarize themselves with their information networks and develop a plan for how to respond in the event of a breach in security.  (Nothing novel here.)

Nevertheless, it is helpful to see the government doing something constructive.  Putting together a list of bullet points of fairly obvious things that industry and consumers ought to know already is a least a start.

Given high-profile data breaches at companies like Anthem, Home Depot, EBay and Target, its hard to imagine any consumer (let alone any large company CEO or General Counsel) being unaware of the risk of a data breach and the need to prepare for cybersecurity.

The Association of Corporate Counsel published a guide to online data privacy for its inhouse counsel members in 2011 and I co-authored a white paper entitled, U.S. Data Privacy Regulation: State Legislation, Federal Preemption and Operational Challenges for Service Providers back in 2006.  The idea that companies with large data networks faced both a business and a legal imperative to prepare a cybersecurity plan is nothing new.

Inhouse counsel and executives at companies with data networks need to be conversant with their cybersecurity plans.  Firms that don't have plans should immediately get the expert guidance they need to put plans in place.  Many thanks for the helpful reminder from the Department of Justice.

Stay Connected

Subscribe to blog updates via email