05 Oct Why Lawyers And Cybersecurity Technologists Need To Speak The Same Language
Successful collaboration ensures the right cyber and privacy safeguards are built into products and processes.
– Rebecca Hughes Parker, Global Editor-in-Chief, The Cybersecurity Law Report
New York, N.Y. – Oct. 4, 2018
Where do lawyers fit in the world of cybersecurity? I sat down with Georgia Reid, Managing Editor of Cybercrime Magazine, to talk about how lawyers and technologists can interact, and other hot legal topics in cybersecurity and data privacy that we have been analyzing in The Cybersecurity Law Report. The video is here.
At the CSLR, we leverage our own experience as lawyers to procure other expert perspectives. The mix of legal analysis and journalism that we provide in our content helps outside and in-house counsel and compliance professionals understand the fast-moving issues in cyber and privacy, and offers them practical guidance on compliance strategies and best business practices. Our long-form articles come out once a week at cslawreport.com. We also host complimentary webinars with various experts on some of our most popular topics.
We call one of those topics “Tech Meets Legal.” As I explained to Georgia in our interview, a concern we have heard again and again from lawyers and technologists is that it can be difficult to collaborate and speak the same language — a must in this field. One best practice is to collaborate sooner rather than later so that, for example, the right cyber and privacy safeguards are built into products and processes. Another is making sure that, as a lawyer, you understand the operational impact your recommendations may have and that, as a technologist, you understand the legal meaning of certain terms (such as “breach” and “personal data”) and you are using them precisely. Where these professionals sit within the company and to whom they report can also affect how well they interact. My colleague Jill Abitbol wrote a series in September about the roles of the CPO and the CISO.
The General Data Protection Regulation (GDPR) — the E.U.’s sweeping new privacy regulation that came into effect in May — was another hot topic in Q1 and Q2, and companies continue to determine what their exposure is and whether their compliance steps are sufficient. One aspect of the law that may be a challenge is the 72-hour breach reporting requirement. I wrote a series about GDPR compliance in the financial sector this summer, focusing on, among other things, the compliance environment, the risk of collective action, extraterritorial applicability and potential enforcement priorities. We don’t know a lot about enforcement yet, but, as Georgia and I discussed, the Irish Data Protection Agency is looking at the Facebook breach and may take action, with the potential for severe penalties.
California recently passed a law modeled partially on GDPR — the first of its kind in the U.S. — that is set to go into effect in 2020. My colleague Amy Terry Sheehan analyzed it, and we will continue to look at how U.S. companies may have to change their privacy and security practices as the law goes through the amendment process.
Among the articles on tap for us are a series about cyber insurance — which started to run October 3 — and a deep dive into New York Department of Financial Services’ Cybersecurity Regulation.
It was a pleasure to talk to Georgia, and I look forward to continuing our conversation.
– Rebecca Hughes Parker is Global Editor-in-Chief at The Cybersecurity Law Report