Cybersecurity Law

Book Description

A definitive guide to cybersecurity law

Expanding on the author’s experience as a cybersecurity lawyer and law professor, Cybersecurity Law is the definitive guide to cybersecurity law, with an in-depth analysis of U.S. and international laws that apply to data security, data breaches, sensitive information safeguarding, law enforcement surveillance, combating cybercriminals, privacy, and many other cybersecurity issues. Written in an accessible manner, the book provides real-world examples and case studies to help readers understand the practical applications of the presented material. The book begins by outlining the legal requirements for data security, synthesizing the Federal Trade Commission’s cybersecurity cases to provide the background of the FTC’s views on data security. The book also examines data security requirements imposed by a growing number of state legislatures and private litigation arising from data breaches. It thoroughly discusses anti-hacking laws, such as the federal Computer Fraud and Abuse Act, Economic Espionage Act, and the Digital Millennium Copyright Act, and how companies are able to fight cybercriminals while ensuring compliance with the U.S. Constitution and statutes. Featuring an overview of the laws that allow coordination between the public and private sectors as well as the tools that regulators have developed to allow a limited amount of collaboration, this book also:

• Addresses current U.S. and international laws, regulations, and court opinions that define the field of cybersecurity including the security of sensitive information, such as financial data and health information

• Discusses the cybersecurity requirements of the largest U.S. trading partners in Europe, Asia, and Latin America, and specifically addresses how these requirements are similar to (and differ from) those in the U.S.

• Provides a compilation of many of the most important cybersecurity statutes and regulations

• Emphasizes the compliance obligations of companies with in-depth analysis of crucial U.S. and international laws that apply to cybersecurity issues

• Examines government surveillance laws and privacy laws that affect cybersecurity as well as each of the data breach notification laws in 47 states and the District of Columbia

• Includes numerous case studies and examples throughout to aid in classroom use and to help readers better understand the presented material

• Supplemented with a companion website that features in-class discussion questions and timely updates on recent legislative developments as well as information on interesting cases on relevant and significant topics

Cybersecurity Law is appropriate as a textbook for undergraduate and graduate-level courses in cybersecurity, cybersecurity law, cyber operations, management-oriented information technology (IT), and computer science. This book is also an ideal reference for lawyers, IT professionals, government personnel, business managers, IT management personnel, auditors, and cybersecurity insurance providers.

JEFF KOSSEFF is Assistant Professor of Cybersecurity Law at the United States Naval Academy in Annapolis, Maryland. He frequently speaks and writes about cybersecurity and was a journalist covering technology and politics at The Oregonian, a finalist for the Pulitzer Prize, and a recipient of the George Polk Award for national reporting.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Dedication
  5. About the Author
  6. Acknowledgment
  7. About the Companion Website
  8. Introduction
    1. Private Sector Data Security Laws (Chapters 1–4)
    2. Anti-Hacking Laws (Chapter 5)
    3. Public–Private Security Efforts (Chapter 6)
    4. Government Surveillance Laws (Chapter 7)
    5. Cybersecurity Requirements for Government Contractors (Chapter 8)
    6. Privacy Law (Chapter 9)
  9. Chapter 1: Data Security Laws and Enforcement Actions
    1. 1.1 FTC Data Security
    2. 1.2 State Data Breach Notification Laws
    3. 1.3 State Data Security Laws
    4. 1.4 State Data Disposal Laws
  10. Chapter 2: Cybersecurity Litigation
    1. 2.1 Article III Standing
    2. 2.2 Common Causes of Action Arising from Data Breaches
    3. 2.3 Class Action Certification in Data Breach Litigation
    4. 2.4 Insurance Coverage for Cybersecurity Incidents
    5. 2.5 Protecting Cybersecurity Work Product and Communications from Discovery
  11. Chapter 3: Cybersecurity Requirements for Specific Industries
    1. 3.1 Financial Institutions: Gramm-Leach-Bliley Act Safeguards Rule
    2. 3.2 Financial Institutions and Creditors: Red Flag Rule
    3. 3.3 Companies that use Payment and Debit Cards: Payment Card Industry Data Security Standard (PCI DSS)
    4. 3.4 Health Providers: Health Insurance Portability and Accountability Act (HIPAA) Security Rule
    5. 3.5 Electric Utilities: Federal Energy Regulatory Commission Critical Infrastructure Protection Reliability Standards
    6. 3.6 Nuclear Regulatory Commission Cybersecurity Regulations
  12. Chapter 4: Cybersecurity and Corporate Governance
    1. 4.1 Securities and Exchange Commission Cybersecurity Expectations for Publicly Traded Companies
    2. 4.2 Fiduciary Duty to Shareholders and Derivative Lawsuits Arising from Data Breaches
    3. 4.3 Committee on Foreign Investment in the United States and Cybersecurity
    4. 4.4 Export Controls and the Wassenaar Arrangement
  13. Chapter 5: Anti-Hacking Laws
    1. 5.1 Computer Fraud and Abuse Act
    2. 5.2 State Computer Hacking Laws
    3. 5.3 Section 1201 of the Digital Millennium Copyright Act
    4. 5.4 Economic Espionage Act
  14. Chapter 6: Public–Private Cybersecurity Partnerships
    1. 6.1 U.S. Government's Civilian Cybersecurity Organization
    2. 6.2 Department of Homeland Security Information Sharing under the Cybersecurity Act of 2015
    3. 6.3 Energy Department's Cyber-Threat Information Sharing
    4. 6.4 Critical Infrastructure Executive Order and the National Institute of Standards and Technology's Cybersecurity Framework
    5. 6.5 U.S. Military Involvement in Cybersecurity and the Posse Comitatus Act
  15. Chapter 7: Surveillance and Cyber
    1. 7.1 Fourth Amendment
    2. 7.2 Electronic Communications Privacy Act
    3. 7.3 Communications Assistance for Law Enforcement Act (CALEA)
    4. 7.4 Encryption and the All Writs Act
  16. Chapter 8: Cybersecurity and Federal Government Contractors
    1. 8.1 Federal Information Security Management Act
    2. 8.2 NIST Information Security Controls for Government Agencies and Contractors
    3. 8.3 Classified Information Cybersecurity
    4. 8.4 Covered Defense Information and Controlled Unclassified Information
  17. Chapter 9: Privacy Laws
    1. 9.1 Section 5 of the FTC Act and Privacy
    2. 9.2 Health Insurance Portability and Accountability Act
    3. 9.3 Gramm-Leach-Bliley Act and California Financial Information Privacy Act
    4. 9.4 CAN-SPAM Act
    5. 9.5 Video Privacy Protection Act
    6. 9.6 Children's Online Privacy Protection Act
    7. 9.7 California Online Privacy Laws
    8. 9.8 Illinois Biometric Information Privacy Act
  18. Chapter 10: International Cybersecurity Law
    1. 10.1 European Union
    2. 10.2 Canada
    3. 10.3 China
    4. 10.4 Mexico
    5. 10.5 Japan
  19. Appendix A: Text of Section 5 of the FTC Act
    1. Text of Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45
  20. Appendix B: Summary of State Data Breach Notification Laws
    1. Alaska
    2. Arizona
    3. Arkansas
    4. California
    5. Colorado
    6. Connecticut
    7. Delaware
    8. District of Columbia
    9. Florida
    10. Georgia
    11. Hawaii
    12. Idaho
    13. Illinois
    14. Indiana
    15. Iowa
    16. Kansas
    17. Kentucky
    18. Louisiana
    19. Maine
    20. Maryland
    21. Massachusetts
    22. Michigan
    23. Minnesota
    24. Mississippi
    25. Missouri
    26. Montana
    27. Nebraska
    28. Nevada
    29. New Hampshire
    30. New Jersey
    31. New York
    32. North Carolina
    33. North Dakota
    34. Ohio
    35. Oklahoma
    36. Oregon
    37. Pennsylvania
    38. Rhode Island
    39. South Carolina
    40. Tennessee
    41. Texas
    42. Utah
    43. Vermont
    44. Virginia
    45. Washington State
    46. West Virginia
    47. Wisconsin
    48. Wyoming
  21. Appendix C: Text of Section 1201 of the Digital Millennium Copyright Act
    1. U.S.C. § 1201
  22. Appendix D: Text of the Computer Fraud and Abuse Act
    1. Text of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030
  23. Appendix E: Text of the Electronic Communications Privacy Act
    1. §2510. Definitions
    2. §2511. Interception and disclosure of wire, oral, or electronic communications prohibited
    3. §2512. Manufacture, distribution, possession, and advertising of wire, oral, or electronic communication intercepting devices prohibited
    4. §2513. Confiscation of wire, oral, or electronic communication intercepting devices
    5. §2514. Repealed
    6. §2515. Prohibition of use as evidence of intercepted wire or oral communications
    7. §2516. Authorization for interception of wire, oral, or electronic communications
    8. §2517. Authorization for disclosure and use of intercepted wire, oral, or electronic communications
    9. §2518. Procedure for interception of wire, oral, or electronic communications
    10. §2519. Reports concerning intercepted wire, oral, or electronic communications
    11. §2520. Recovery of civil damages authorized
    12. §2521. Injunction against illegal interception
    13. §2522. Enforcement of the Communications Assistance for Law Enforcement Act
    14. §2701. Unlawful access to stored communications
    15. §2702. Voluntary disclosure of customer communications or records
    16. §2703. Required disclosure of customer communications or records
    17. §2704. Backup preservation
    18. §2705. Delayed notice
    19. §2706. Cost reimbursement
    20. §2707. Civil action
    21. §2708. Exclusivity of remedies
    22. §2709. Counterintelligence access to telephone toll and transactional records
    23. §2711. Definitions for chapter
    24. §2712. Civil actions against the United States
    25. §3121. General prohibition on pen register and trap and trace device use; exception
    26. §3122. Application for an order for a pen register or a trap and trace device
    27. §3123. Issuance of an order for a pen register or a trap and trace device
    28. §3124. Assistance in installation and use of a pen register or a trap and trace device
    29. §3125. Emergency pen register and trap and trace device installation
    30. §3126. Reports concerning pen registers and trap and trace devices
    31. §3127. Definitions for chapter
  24. Index
  25. End User License Agreement