Professional Documents
Culture Documents
Cybersecurity Law
Protect Yourself and Your
Customers
Shimon Brathwaite
Cybersecurity Law: Protect Yourself and Your Customers
10 9 8 7 6 5 4 3 2 1
Keywords
cybersecurity, information security law, cybersecurity legislation, data
privacy laws, cyber law and intellectual property, encryption, e ncryption
laws, data ownership, pipeda, phipa, privacy act, data regulation, p ersonally
identifiable information, online privacy protection act, cybersecurity law,
cybersecurity lawsuits, cyber liability, legal liability, outsourcing liability,
outsourcing data privacy, how to outsource data privacy, cybersecurity
specific insurance. cybersecurity insurance, cyber insurance, cybersecurity
insurance plan, third- party cyber risk insurance, information security
policy, data ownership, data privacy and law enforcement, cybersecurity
law in canada, cybersecurity law in the united states, how to automate
compliance, patch management, lawsuits, internet law, data breaches,
digital assets, digital asset protection
Contents
Chapter 1 Introduction to Information Security Law:
This Will Explain the Current Laws Around
Information Security that Businesses Need to
Be Aware of����������������������������������������������������������������������1
Chapter 2 Cyber Law and Intellectual Property: This Chapter
Will Address an Important Aspect of Cyber Law
Related to Protecting a Companies IP�������������������������������5
Chapter 3 What Are the Corporate Requirements for
Cybersecurity?: This Goes into Detail About
What Actions Companies Need to Take to Ensure
that They Are in Full Compliance with Information
Security Legislation�����������������������������������������������������������9
Chapter 4 What Are the Financial and Reputational Implications
of Information Security Legislation: What Types of
Lawsuits Can Be Brought Against a Company that
Doesn’t Comply with the Current Information
Security Laws and How Costly Are They?�����������������������31
Chapter 5 Required Encryption Standards: This Chapter
Will Discuss the Importance of Using a Certain
Level of Encryption for any Information that You’re
Company Holds While It Is in Your Possession and
When It Is in Transit (on Your Website, Sent to
Third Party Partners, and so on) and How You
Can Find Software that Will Do This for You�����������������37
Chapter 6 How to Offload Legal Liability onto Third Parties:
This Chapter Will Discuss Third Party Solutions
that You Can Use to Secure Your Data and Will
Accept Liability if any Data Breaches Do Occur�������������45
x Contents
Introduction to Information
Security Law
This Will Explain the Current Laws
Around Information Security that
Businesses Need to Be Aware of
phone numbers, usernames and passwords, first and last names, and so
on. From there the hackers can use this information in a couple of ways
to make a profit:
These are just a few of the potential ways that information can be used
once it has been stolen from your company. This is where the legal aspect
comes in, if your company is found to be negligent in your handling of
your customers personal information and that data is stolen and used
in a way that causes harm to the customer, you could be found liable
and incur even more costs in settling lawsuits. Due to the increase in
cybercrime activity in the last decade, governments have begun to imple-
ment more cybersecurity legislation demanding the businesses imple-
ment specific types of security practices. In the United States in 2017
alone, 42 states combined to pass more than 240 bills related to cyber-
security “Cybersecurity Legislation 2017 - Legislative News, Studies ...
(December/January, 2017).” I’ll use two of these as examples of what a
company needs to be cautious of:
Introduction to Information Security Law 3
References
https://searchsecurity.techtarget.com/definition/information-security-infosec
https://searchfinancialsecurity.techtarget.com/definition/personally-identifiable-
information
https://csoonline.com/article/3153707/security/top-5-cybersecurity-facts-
figures-and-statistics.html
https://qz.com/460482/heres-what-your-stolen-identity-goes-for-on-the-
internets-black-market/
http://ncsl.org/research/telecommunications-and-information-technology/
cybersecurity-legislation-2017.aspx
Collins, K. September 15, 2015. “Here’s What Your Stolen Identity Goes for on
the Internet’s Black Market.” Retrieved from https://qz.com/460482/heres-
what-your-stolen-identity-goes-for-on-the-internets-black-market/
Cybersecurity Legislation. 2017. “Legislative News, Studies. (December/January,
2017).” Retrieved from http://ncsl.org/research/telecommunications-and-
information-technology/cybersecurity-legislation-2017.aspx
Morgan, S. January 23, 2018. “Top 5 Cybersecurity Facts, Figures and Statistics
for 2018.” Retrieved from https://csoonline.com/article/3153707/security/
top-5-cybersecurity-facts-figures-and-statistics.html
Rouse, M. n.d. “What is Personally Identifiable Information (PII)?” Definition
from WhatIs.com. Retrieved from https://searchfinancialsecurity.techtarget.
com/definition/personally-identifiable-information
“What is Information Security (Infosec)?” n.d. Definition from WhatIs.com.
Retrieved from https://searchsecurity.techtarget.com/definition/information-
security-infosec
Index
Automated compliance tools, 79–80 Cybersecurity laws
AxCrypt, 39 federal laws, 32–33
state laws, 33–34
Backing up data, 62–63 Cybersecurity measures
Bring your own devices (BYOD), 74 organizational measures, 83–84
Business use only information, 58 physical protection, 83
BYOD. See Bring your own devices technology measures, 84