Although businesses and other organizations collect information, including personal data, in increasing volume, organizations often struggle to identify privacy laws applicable to complex, multinational technology implementations. Jurisdictions worldwide now include specific cybersecurity obligations in privacy laws and have passed stand-alone cybersecurity laws. To advise on these compliance matters, attorneys must understand both the law and the technology to which it applies. This book provides an innovative, in-depth survey and analysis of international information privacy and cybersecurity laws worldwide, an introduction to cybersecurity technology, and a detailed guide on organizational practices to protect an organization’s interests and anticipate future compliance developments.

This book introduces a legal approach based on industry best practices to develop and manage an effective cybersecurity and privacy program, including the following and more:

- methods for identifying threats, managing vulnerabilities, and responding to “incidents”;
- processes for managing internal cybersecurity and privacy risk within an organization;
- approaches for understanding “data controller” or similar roles and associated accountabilities;
- details to clearly understand concepts of informed consumer choice and other consumer privacy rights;
- considerations for data breach notification; and
- recommended contractual provisions.

Regulations and applicable “soft law” will be explored in detail for a wide variety of jurisdictions, including an introduction to the European Union’s Global Data Protection Regulation (GDPR), China’s Cybersecurity Law, the OECD and APEC Guidelines, the US Health Insurance Portability and Accountability Act (HIPAA), and many other national and regional instruments.
This book is an indispensable resource for attorneys who must advise on strategic implementations of new technologies, advise on the impact of certain laws on the enterprise, interpret complex cybersecurity and privacy contractual language, and participate in incident response and data breach activities. It will also be of value to other practitioners, such as compliance and security personnel, who need a reference exploring laws and practical implementation guidance.