About the Author xvii
Foreword to the Fourth Edition (2026) xix
Foreword to the Third Edition (2023) xxi
Foreword to the Second Edition (2019) xxiii
Acknowledgment and Disclaimers xxvii
Introduction to First Edition xxix
1 Data Security Laws and Enforcement Actions 1
1.1 FTC Data Security 2
1.1.1 Overview of Section 5 of the FTC Act 2
1.1.2 Wyndham: Does the FTC Have Authority to Regulate Data Security Under Section 5 of the FTC Act? 6
1.1.3 LabMD: What Constitutes "Unfair" Data Security? 10
1.1.4 FTC June 2015 Guidance on Data Security, and 2017 Updates 13
1.1.5 FTC Data Security Expectations and the NIST Cybersecurity Framework 18
1.1.6 Lessons from FTC Cybersecurity Complaints 18
1.1.6.1 Failure to Secure Highly Sensitive Information 19
1.1.6.1.1 Use Industry-standard Encryption for Sensitive Data 20
1.1.6.1.2 Routine Audits and Penetration Testing Are Expected 20
1.1.6.1.3 Health-Related Data Requires Especially Strong Safeguards 21
1.1.6.1.4 Data Security Protection Extends to Paper Documents 23
1.1.6.1.5 Business-to-Business Providers Also Are Accountable to the FTC for Security of Sensitive Data 25
1.1.6.1.6 Companies Are Responsible for the Data Security Practices of Their Contractors 27
1.1.6.1.7 Make Sure that Every Employee Receives Regular Data Security Training for Processing Sensitive Data 28
1.1.6.1.8 Privacy Matters, Even in Data Security 28
1.1.6.1.9 Limit the Sensitive Information Provided to Third Parties 29
1.1.6.1.10 Children's Data Requires Special Protection 29
1.1.6.1.11 Promptly Notify Customers of Breaches of Sensitive Data 30
1.1.6.2 Failure to Secure Payment Card Information 31
1.1.6.2.1 Adhere to Security Claims about Payment Card Data 31
1.1.6.2.2 Always Encrypt Payment Card Data 32
1.1.6.2.3 Payment Card Data Should Be Encrypted Both in Storage and at Rest 32
1.1.6.2.4 In-store Purchases Pose Significant Cybersecurity Risks 33
1.1.6.2.5 Minimize Duration of Storage of Payment Card Data 35
1.1.6.2.6 Monitor Systems and Networks for Unauthorized Software 35
1.1.6.2.7 Apps Should Never Override Default App Store Security Settings 36
1.1.6.3 Failure to Adhere to Security Claims 36
1.1.6.3.1 Companies Must Address Commonly Known Security Vulnerabilities 37
1.1.6.3.2 Ensure That Security Controls Are Sufficient to Abide by Promises About Security and Privacy 38
1.1.6.3.3 Omissions about Key Security Flaws Also Can Be Misleading 40
1.1.6.3.4 Companies Must Abide by Promises for Security-related Consent Choices 41
1.1.6.3.5 Companies That Promise Security Must Ensure Adequate Authentication Procedures 42
1.1.6.3.6 Adhere to Promises About Encryption 43
1.1.6.3.7 Promises About Security Extend to Vendors' Practices 44
1.1.6.3.8 Companies Cannot Hide Vulnerable Software in Products 44
1.1.7 FTC and Software Patching 44
1.2 State Data Breach Notification Laws 45
1.2.1 When Consumer Notifications Are Required 46
1.2.1.1 Definition of Personal Information 47
1.2.1.2 Encrypted Data 48
1.2.1.3 Risk of Harm 48
1.2.1.4 Safe Harbors and Exceptions to Notice Requirement 49
1.2.2 Notice to Individuals 49
1.2.2.1 Timing of Notice 49
1.2.2.2 Form of Notice 50
1.2.2.3 Content of Notice 50
1.2.3 Notice to Regulators and Consumer Reporting Agencies 51
1.2.4 Penalties for Violating State Breach Notification Laws 51
1.3 State Data Security Laws 51
1.3.1 Oregon 53
1.3.2 Rhode Island 54
1.3.3 Nevada 55
1.3.4 Massachusetts 56
1.3.5 Ohio 58
1.3.6 Alabama 59
1.3.7 New York 60
1.4 State Data Disposal Laws 60
2 Cybersecurity Litigation 63
2.1 Article III Standing 64
2.1.1 Applicable Supreme Court Rulings on Standing 66
2.1.2 Lower Court Rulings on Standing in Data Breach Cases 71
2.1.2.1 Injury-in-fact 71
2.1.2.1.1 Broad View of Injury-in-fact 71
2.1.2.1.2 Narrow View of Injury-in-fact 76
2.1.2.1.3 Attempts at Finding a Middle Ground for Injury-in-fact 80
2.1.2.2 Fairly Traceable 81
2.1.2.3 Redressability 83
2.2 Common Causes of Action Arising from Data Breaches 84
2.2.1 Negligence 84
2.2.1.1 Legal Duty and Breach of Duty 84
2.2.1.2 Cognizable Injury 87
2.2.1.3 Causation 91
2.2.2 Negligent Misrepresentation or Omission 93
2.2.3 Breach of Contract 95
2.2.4 Breach of Implied Warranty 102
2.2.5 Invasion of Privacy 106
2.2.6 Unjust Enrichment 108
2.2.7 State Consumer Protection Laws 110
2.3 Class Action Certification in Data Breach Litigation 113
2.3.1 Kostka v. Dickey's Barbecue Restaurants, Case No. 3:20-cv-3424 (N.D. Tex. Oct. 14, 2022) 115
2.3.2 In re Wawa, Inc. Data Security Litigation, No. 19-cv-6019 (E.D. Pa. July 30, 2021) 116
2.3.3 In re Hannaford Bros. Co. Customer Data Security Breach Litigation, No. 2:08-MD-1954 (D. Me. Mar. 13, 2013) 117
2.3.4 In re Heartland Payment Systems, Inc. Customer Data Security Breach Litigation: Consumer Track Litigation, 851 F. Supp. 2d 1040 (S.D. Tex. 2012) 120
2.4 Insurance Coverage for Data Breaches 122
2.5 Protecting Cybersecurity Work Product and Communications from Discovery 126
2.5.1 Attorney-Client Privilege 128
2.5.2 Work Product Doctrine 131
2.5.3 Nontestifying Expert Privilege 133
2.5.4 Genesco v. Visa 134
2.5.5 In re Experian Data Breach Litigation 137
2.5.6 In re Premera 138
2.5.7 In re United Shore Financial Services 140
2.5.8 In re Dominion Dental Services USA, Inc. Data Breach Litigation 140
2.5.9 In re Capital One Consumer Data Security Breach Litigation 142
2.5.10 Securities and Exchange Commission v. Covington & Burling 142
3 Cybersecurity Requirements for Specific Industries 145
3.1 Financial Institutions: GLBA Safeguards Rule 146
3.1.1 Interagency Guidelines 146
3.1.2 SEC's Regulation S-P 148
3.1.3 FTC Safeguards Rule 150
3.2 Financial Institutions: Banking Organization Computer-Security Incident Notification Regulation 153
3.3 New York Department of Financial Services Cybersecurity Regulations 153
3.4 Financial Institutions and Creditors: Red Flags Rule 156
3.4.1 Financial Institutions or Creditors 159
3.4.2 Covered Accounts 160
3.4.3 Requirements for a Red Flags Identity Theft Prevention Program 161
3.4.4 Enforcement of the Red Flags Rule 162
3.5 Companies that Use Payment and Debit Cards: PCI DSS 162
3.6 Health Providers: HIPAA Security Rule 165
3.7 Electric Transmission: FERC Critical Infrastructure Protection Reliability Standards 171
3.7.1 CIP-003-8: Cybersecurity -- Security Management Controls 171
3.7.2 CIP-004-7: Personnel and Training 172
3.7.3 CIP-005-7: Electronic Security Perimeters 172
3.7.4 CIP-006-6: Physical Security of Cyber Systems 172
3.7.5 CIP-007-6: Systems Security Management 173
3.7.6 CIP-008-6: Incident Reporting and Response Planning 173
3.7.7 CIP-009-6: Recovery Plans for Cyber Systems 173
3.7.8 CIP-010-4: Configuration Change Management and Vulnerability Assessments 174
3.7.9 CIP-011-2: Information Protection 174
3.7.10 CIP-012-1: Communications Between Control Centers 174
3.7.11 CIP-013-2: Supply Chain Risk Management 174
3.7.12 CIP-014-3: Physical Security of Cyber Systems 175
3.8 NRC Cybersecurity Regulations 175
3.9 State Insurance Cybersecurity Laws 176
3.10 Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) 179
4 Cybersecurity and Corporate Governance 181
4.1 SEC Cybersecurity Expectations for Publicly Traded Companies 182
4.1.1 Example of SEC Expectations: Yahoo! Data Breach 185
4.2 Fiduciary Duty to Shareholders and Derivative Lawsuits Arising from Data Breaches 186
4.3 CFIUS and Cybersecurity 190
4.4 Law Firms and Cybersecurity 192
5 Antihacking Laws 195
5.1 Computer Fraud and Abuse Act 196
5.1.1 Origins of the CFAA 196
5.1.2 Access Without Authorization and Exceeding Authorized Access 197
5.1.2.1 Narrow View of "Exceeds Authorized Access" and "Without Authorization" 200
5.1.2.2 Broader View of "Exceeds Authorized Access" and "Without Authorization" 205
5.1.2.3 Finding Some Clarity: Van Buren v. United States 207
5.1.2.4 Impact of Van Buren 210
5.1.3 The Seven Sections of the CFAA 212
5.1.3.1 CFAA Section (a)(1): Hacking to Commit Espionage 213
5.1.3.2 CFAA Section (a)(2): Hacking to Obtain Information 214
5.1.3.3 CFAA Section (a)(3): Hacking a Federal Government Computer 218
5.1.3.4 CFAA Section (a)(4): Hacking to Commit Fraud 220
5.1.3.5 CFAA Section (a)(5): Hacking to Damage a Computer 222
5.1.3.5.1 CFAA Section (a)(5)(A): Knowing Transmission that Intentionally Damages a Computer Without Authorization 223
5.1.3.5.2 CFAA Section (a)(5)(B): Intentional Access Without Authorization that Recklessly Causes Damage 226
5.1.3.5.3 CFAA Section (a)(5)(C): Intentional Access Without Authorization that Causes Damage and Loss 227
5.1.3.5.4 CFAA Section (a)(5): Requirements for Felony and Misdemeanor Cases 228
5.1.3.6 CFAA Section (a)(6): Trafficking in Passwords 230
5.1.3.7 CFAA Section (a)(7): Threatening to Damage or Obtain Information from a Computer 232
5.1.4 Civil Actions Under the CFAA 235
5.1.5 Criticisms of the CF.