Jonathan Feld, Susan Asam and Leyton Nelson Co-Author Corporate Counsel Article on Cybersecurity

Dykema lawyers—Jonathan Feld, member of the Firm’s Litigation Department whose practice focuses on Business Litigation, White-Collar Criminal Defense, Internal Investigations and Corporate Compliance matters; Susan Asam, an attorney in the Firm’s Product and Professional Liability Litigation Group; and Leyton Nelson, a lawyer in the Firm’s Business Litigation Practice Group—co-authored an article—“Coping with Evolving U.S., State Cyber-Security Rules”—that appeared in the May 12, 2014 issue of Corporate Counsel.

In the article, they discuss how the government is wrestling with the issues presented by data breaches in the private sector. They note that while legislative “fixes” are the government’s first line of defense, it is unclear whether a mandatory compliance model will be effective, given the speed with which hackers operate. Another question is one of jurisdiction: with federal, state and now regulatory agencies such as the Federal Trade Commission involved, who is best equipped to enforce the law?

The complexity of policing cybersecurity:  with more than 50 federal laws currently governing some aspect of cybersecurity law, and a multitude of agencies having jurisdiction over cybersecurity issues—in such disparate sectors as finance, energy and health care—makes achieving consensus on standards difficult to achieve.

The authors note that states are unlikely to take a “back seat” to the federal government on data breach issues. They observe that a federal-state cybersecurity disclosure model—not unlike the Health Insurance Portability and Accountability Act (HIPAA)—could emerge, but not at the expense of state efforts being supplanted by a federal disclosure law.

The article concludes by reminding corporate counsel:

1. to monitor proposed bills requiring federal disclosure in the event of a breach; and
2. to seek guidance on the jurisdictional scope and requirements of state statutes