Cybersecurity Law

A definitive guide to cybersecurity law Expanding on the author's experience as a cybersecurity lawyer and law professor, Cybersecurity Law is the definitive guide to cybersecurity law, with an in-depth analysis of U.S. and international laws that apply to data security, data breaches, sensitive information safeguarding, law enforcement surveillance, cybercriminal combat, privacy, and many other cybersecurity issues. Written in an accessible manner, the book provides real-world examples and case studies to help readers understand the practical applications of the presented material. The book begins by outlining the legal requirements for data security, which synthesizes the Federal Trade Commission's cybersecurity cases in order to provide the background of the FTC's views on data security. The book also examines data security requirements imposed by a growing number of state legislatures and private litigation arising from data breaches. Anti-hacking laws, such as the federal Computer Fraud and Abuse Act, Economic Espionage Act, and the Digital Millennium Copyright Act, and how companies are able to fight cybercriminals while ensuring compliance with the U.S. Constitution and statutes are discussed thoroughly. Featuring an overview of the laws that allow coordination between the public and private sectors as well as the tools that regulators have developed to allow a limited amount of collaboration, this book also: Addresses current U.S. and international laws, regulations, and court opinions that define the field of cybersecurity including the security of sensitive information, such as financial data and health information Discusses the cybersecurity requirements of the largest U.S. trading partners in Europe, Asia, and Latin America, and specifically addresses how these requirements are similar to (and differ from) those in the U.S. Provides a compilation of many of the most important cybersecurity statutes and regulations Emphasizes the compliance obligations of companies with in-depth analysis of crucial U.S. and international laws that apply to cybersecurity issues Examines government surveillance laws and privacy laws that affect cybersecurity as well as each of the data breach notification laws in 47 states and the District of Columbia Includes numerous case studies and examples throughout to aid in classroom use and to help readers better understand the presented material * Supplemented with a companion website that features in-class discussion questions and timely and recent updates on recent legislative developments as well as information on interesting cases on relevant and significant topics Cybersecurity Law is appropriate as a textbook for undergraduate and graduate-level courses in cybersecurity, cybersecurity law, cyber operations, management-oriented information technology (IT), and computer science. This book is also an ideal reference for lawyers, IT professionals, government personnel, business managers, IT management personnel, auditors, and cybersecurity insurance providers. JEFF KOSSEFF is Assistant Professor of Cybersecurity Law at the United States Naval Academy in Annapolis, Maryland. He frequently speaks and writes about cybersecurity and was a journalist covering technology and politics at The Oregonian, a finalist for the Pulitzer Prize, and a recipient of the George Polk Award for national reporting.

Autorentext

JEFF KOSSEFF is Assistant Professor of Cybersecurity Law at the United States Naval Academy in Annapolis, Maryland. He frequently speaks and writes about cybersecurity and was a journalist covering technology and politics at The Oregonian, a finalist for the Pulitzer Prize, and a recipient of the George Polk Award for national reporting.

Klappentext

A definitive guide to cybersecurity law

Expanding on the author's experience as a cybersecurity lawyer and law professor, Cybersecurity Law is the definitive guide to cybersecurity law, with an in-depth analysis of U.S. and international laws that apply to data security, data breaches, sensitive information safeguarding, law enforcement surveillance, cybercriminal combat, privacy, and many other cybersecurity issues. Written in an accessible manner, the book provides real-world examples and case studies to help readers understand the practical applications of the presented material. The book begins by outlining the legal requirements for data security, which synthesizes the Federal Trade Commission's cybersecurity cases in order to provide the background of the FTC's views on data security. The book also examines data security requirements imposed by a growing number of state legislatures and private litigation arising from data breaches. Anti-hacking laws, such as the federal Computer Fraud and Abuse Act, Economic Espionage Act, and the Digital Millennium Copyright Act, and how companies are able to fight cybercriminals while ensuring compliance with the U.S. Constitution and statutes are discussed thoroughly. Featuring an overview of the laws that allow coordination between the public and private sectors as well as the tools that regulators have developed to allow a limited amount of collaboration, this book also:

• Addresses current U.S. and international laws, regulations, and court opinions that define the field of cybersecurity including the security of sensitive information, such as financial data and health information
• Discusses the cybersecurity requirements of the largest U.S. trading partners in Europe, Asia, and Latin America, and specifically addresses how these requirements are similar to (and differ from) those in the U.S.
• Provides a compilation of many of the most important cybersecurity statutes and regulations
• Emphasizes the compliance obligations of companies with in-depth analysis of crucial U.S. and international laws that apply to cybersecurity issues
• Examines government surveillance laws and privacy laws that affect cybersecurity as well as each of the data breach notification laws in 47 states and the District of Columbia
• Includes numerous case studies and examples throughout to aid in classroom use and to help readers better understand the presented material
• Supplemented with a companion website that features in-class discussion questions and timely and recent updates on recent legislative developments as well as information on interesting cases on relevant and significant topics Cybersecurity Law is appropriate as a textbook for undergraduate and graduate-level courses in cybersecurity, cybersecurity law, cyber operations, management-oriented information technology (IT), and computer science. This book is also an ideal reference for lawyers, IT professionals, government personnel, business managers, IT management personnel, auditors, and cybersecurity insurance providers.

Inhalt
About the Author xv

Acknowledgment xvii

About the Companion Website xix

Introduction xxi

1 Data Security Laws and Enforcement Actions 1

1.1 FTC Data Security 2

1.1.1 Overview of Section 5 of the FTC Act 2

1.1.2 Wyndham: Does the FTC have Authority to Regulate Data Security under Section 5 of the FTC Act? 5

1.1.3 LabMD: What Constitutes Unfair or Deceptive Data Security? 9

1.1.4 FTC June 2015 Guidance on Data Security 11

1.1.5 FTC Protecting Personal Information Guide 14

1.1.6 Lessons from FTC Cybersecurity Complaints 15

1.1.6.1 Failure to Secure Highly Sensitive Information 16

1.1.6.1.1 Use Industry-Standard Encryption for Sensitive Data 16

1.1.6.1.2 Routine Audits and Penetration Testing are Expected 17

1.1.6.1.3 Health-Related Data Requires Especially Strong Safeguards 18

1.1.6.1.4 Data Security Protection Extends to Paper Documents 19

1.1.6.1.5 Business-to-Business Providers also are Accountable to the FTC For Security of Sensitive Data 20

1.1.6.1.6 Companies are Responsible for the Data Security Pr…