13 October 2016
October is National Cyber Security Awareness Month (NCSAM). However, for many in the business community, the need for mere awareness has long passed. Now, many organizations are focused on the next step: planning—how does management best prevent against a breach, and if a breach does happen, what do regulators expect?
Outside counsel are a crucial facet of these strategies, but turning to an attorney every time there is a minor question can be too time-consuming—and costly. To combat this problem, the cybersecurity and data privacy practice at Mayer Brown has issued a new handbook, "Cybersecurity Regulation in the United States: Governing Frameworks and Emerging Trends," which aims to provide a snapshot of key cybersecurity compliance issues across different industries.
The 80-page regulatory handbook is organized primarily by industry, although Stephen Lilley, the Mayer Brown attorney who coordinated the project, told Legaltech News that the industry chapters have commonalities such as implementing cybersecurity plans, vendor management, board governance, and regulatory enforcement. The handbook also focuses on regulatory guidance from federal agencies, ranging from the Federal Trade Commission to the Department of Defense.
"This is a top-line overview; we're not trying to be comprehensive," Lilley stressed. "We picked some of the key factors that we feel our clients are most interested in."
Although Mayer Brown's strength is in the financial industry, the handbook draws from a number of different practice groups, including the auto industry, government contracting, and medical device manufacturing. All told, many of the practice group's 50 attorneys worked on the project, primarily within the United States.
The idea for this handbook, Lilley said, came from a similar firm release last year, coinciding with NCSAM. Having that basis allowed for easy buy-in when firm partner Rajesh De proposed the idea of a general guide.
"Everyone had recognized how well the first book had done, in terms of client response, and everybody wanted the opportunity to provide something useful to the client that also gives a sense of the types of issues that we work on," Lilley explained.
However, with a fast-moving topic such as cybersecurity, providing a tangible guide may result in guidance being rendered obsolete by changing regulations and case law. That's why, Lilley said, the handbook's writers tended to stay away from being too reliant on case law, instead maintaining a "focus on providing key takeaways."
"What we've tried to do is draw significantly broad themes, and identify priority issues and trends so people can see what the direction is," he added. "Certainly, over time any book is going to need to be updated, and I'm sure we'll at some point probably want to update this book, but it's not supposed to be a snapshot in time. It's supposed to help people understand where things are generally."
The firm said it has received "hundreds of requests" for the handbook already. Those interested can request a copy from the firm's website, Mayerbrown.com .
Reprinted with permission from the October 17, 2016 edition of Legaltech News ©
2016 ALM Properties, Inc. All rights reserved. Further duplication without permission is prohibited.