
Legal Issues of Cybersecurity and Data Breach Response




(Not Required, Just Extra Resources)



Data Breach Response/the In-House Team/The Board

Boards of Directors and Cybersecurity: Applying Lessons Learned From 70 Years of Financial Reporting Oversight, by David Fontaine and John Reed Stark (Cybersecurity Docket, 2016)

Cyber Awareness to Cyber Expertise: The Evolution of Board Cyber Risk Management by Phyllis Sumner and Nick Oldham (Directors Governance Center, 2016)

Notes from a Law Firm Chief Privacy Officer: New Demands by Phyllis Sumner (Law 360, August 2017)

Cyber Alert: 2016 Breach Roundup, Part I: U.S. State Data Breach Notification Laws Highlights and Trends (Alston & Bird, December 2016)

Four Part Series: Top Cybersecurity Concerns for Every Board of Directors, by John Reed Stark (NASDAQ Governance Clearing Center)

New York Cybersecurity Rules: What Firms Need to Know, by Kimberly Peretti and Nameir Abbas (Securities Regulation Daily, 2017)


Managing Retail Data Breaches

Amazon Unfair Practice Case May Affect Data Breach Cases, by Doug Meal, David Cohen and Joseph Cleemann (Law 360, July 2016)

Recent Decisions Highlight Product Cybersecurity Issues, by Heather Sussman, Doug Meal and David Cohen (Law 360, 2016)

St. Joseph Demonstrates Challenges for Breach Plaintiffs, By Doug Meal, Mark Szpak and David Cohen (Law 360, 2015)

Cyber Alert: Security Vulnerabilities: You Don’t Need a Breach to Face Regulatory Scrutiny (Alston & Bird, September 2016)


Managing Financial Firm Data Breaches

New York State Cybersecurity Regulations: First milestone in sight, what is next on the horizon? By Jeewon Serrato (contributor among several Shearman & Sterling colleagues)

8 Critical Lessons From Morgan Stanley Cybersecurity Case, by John Reed Stark (Law 360, October 2016)

SEC Pushes New Limits on Cybersecurity, Securities Fraud, by John Reed Stark (Compliance Week, 2016)

Avoiding Vanguard’s Cybersecurity Stumble, by John Reed Stark (Compliance Week 2016) (Alston & Bird, March 2017)

NYDFS issues final cybersecurity regulations, setting new industry standard for cybersecurity controls (Sidley & Austin, February 2017)

Beyond Disclosure: SEC Reinforces Public Company Cybersecurity Obligations (Willkie Farr & Gallagher 2018)

Virtual Currency Update: Increased Government Scrutiny and Enforcement (Willkie Farr & Gallagher 2018)

Ten Questions the SEC Probably Has for Google, by John Reed Stark (Law 360, October 2018)


National Security and Cyber-Attacks

Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats, by John Carlin (Harvard National Security Journal, 2016)

Opinion: Here’s how the Trump administration needs to boost cybersecurity, by John Carlin (Marketwatch, 2017)

Petya Ransomware Attacks, by Debevoise (June, 2017)

Cybersecurity Requirements Clarified (National Defense, March 2017)

Implications of WikiLeaks Publishing Details of CIA’s Cyber Arsenal (Ankura Consulting Group, March 2017)

The Risk in Making a Ransomware Payment, by John Reed Stark (Law 360, 2017)

Here’s what went wrong for Equifax in those first 48 hours, by John Carlin and David Newman (Aspen Institute, 2017)

A GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 1 (By Caroline Krass, et al) (Law 360, 2017)

A GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 2 (By Caroline Krass, et al) (Law 360, 2017)

Ten Crypto-Caveats Floyd Mayweather and DJ Khaled Should Have Heard From Their Lawyers, by John Reed Stark (The Harvard Law School Forum on Corporate Governance and Financial Regulation, April, 2018) 

A Dozen Obvious (and Not So Obvious) C-Suite Takeaways from the 2018 SEC Cyber-Disclosure Guidance, by John Reed Stark (Law 360, May, 2018)

Think the SEC EDGAR Data Breach Involved Insider Trading? Think Again, by John Reed Stark (Law 360, October 2017)

“Cybervandalism” or “Digital Act of War”? America’s Muddled Approach to Cyber Incidents Won’t Deter More Crises, by Charlie Dunlap (Lawfire, 2017)

Are Cyber Norms as to What Constitutes an “Act of War” Developing as we Would Want?, by Charlie Dunlap (Lawfire, 2017)


Managing Data Breaches Across Borders

White House Releases Vulnerability Equities Policy and Processes, by David Fagan and Caitlan Meade (Inside Privacy, 2017)

Microsoft-Ireland: Decision underscores tension between privacy principles and the digital environment, by Squire Patton Boggs (Tara Swaminatha) (JD Supra 2016)

Presidential Cybersecurity Commission Issues Ambitious Policy Roadmap for Next Administration, by Benjamin Powell, Jonathan Cedarbaum and D. Reed Freeman (WilmerHale 2016)

Ensuring Best Practices in the Investigation of an Incident, by David Fagan, Ashden Fein and David Bender, (Cybersecurity Law and Practice Report, 2016)

2016 Privacy Year in Review, by Winston & Strawn LLP (Feb. 2017)

Cyber Alert: 2016 Breach Roundup, Part II: U.S. and EU Data Breach Notification Regulations Highlights and Trends, (Alston & Bird, January 2017)


After the Breach: Digital Forensics and Remediation

Cybersecurity Preparedness & Response Alert: Effective Cybersecurity: You Have a Breach Response Plan … Now How Do You Test It? (Alston & Bird, December 2015)

Takeaways, Reminders & Caveats From the Equifax and SEC Data Breaches, by John Reed Stark (Cybersecurity Docket and D&O Diary, 2017)

Hidden Legal Lessons from Anthony Weiner’s Laptop by John Reed Stark (Cybersecurity Docket, 2017)


After the Breach: Cyber Insurance and Class Actions

Courts Wrestle With Coverage for Cyber-Related Claims, by Peter Selvin (October, 2018)

High Hurdles Faced by Data Security Breach Shareholder Derivative Plaintiffs, by Douglas Meal, Mark Szpak, David Cohen and Lindsey Sullivan (Bloomberg Privacy and Law Review, 2017)

Cyber Insurance: How to Find the Right Policy, by John Reed Stark (NASDAQ Clearinghouse, November 2016)

5 Tips for Buying and Reviewing Cyber Insurance, by Scott Godes (Law 360, 2014)

How Insurance Can Protect Your Company, by Scott Godes (Law Journal Newsletter, 2016)

Should Retailers Rely On CGL Coverage For Data Breaches?, by Scott Godes (Barnes & Thornburg 2015)

Who Gets Coverage? Cyber Insurance and Credit Card Risks: Will Coverage Apply After the P.F. Chang’s Denial? By Scott Godes (Barnes & Thornburg 2017)

Cyber-Physical Risks: Are You Covered? (Covington, December 2016)


Breach Avoidance/Preparation: Counseling Companies Before the Inevitable Breach 

Cybersecurity Preparedness & Response Alert: Effective Cybersecurity: The Evolving Regulatory Landscape for Investment Advisers, Investment Companies and Broker-Dealers, by Alston and Bird (Including Kimberly Kiefer Peretti) (JDSupra Business Advisor, 2016)

Top Cybersecurity Concerns for Every Board of Directors, Part One: Cybersecurity Governance, by John Reed Stark (NASDAQ Clearinghouse, December 2016)

Alternative Communications Planning and Cybersecurity Incident Response, by Tara Swaminatha (CSO Magazine, 2018)

Cybersecurity: Past is Prologue, by Squire Patton Boggs (Tara Swaminatha) (JD Supra 2016)

Presidential Executive Order on Cybersecurity: No More Antiquated IT, by Jonathan Meyer, John Chierichella and Townsend Bourne (Bloomberg BNA Privacy and Law Report, 2017)

How a Consumer Group’s Cybersecurity Initiative Could Shape the Market, by Dave Thonas, Jonathan Meyer and Abraham Shanedling (Morning Consult, 2017)

Connecting the Dots: Key Developments and Best Practices for Evaluating Privacy and Security Risks in IoT Investments, by Jeewon Serrato (Shearman and Sterling, 2017)

NY Cybersecurity Bill Shows “Reasonable Security” Standard Gathering Force, by Debevoise (Debevoise and Plimpton, 2017)

About John Reed Stark

John Reed Stark, President of John Reed Consulting LLC. Served for 15 years as an SEC enforcement attorney leading cyber-related projects, investigations and enforcement actions; for 11 years as Founder and Chief of the SEC Office of Internet Enforcement; for 15 years as an Adjunct Professor at Georgetown University Law School; for 3 years as Sr. Lecturer of Law at Duke University Law School; for 10 years as a Guest Instructor at the FBI Academy. Worked for 5+ years as Managing Director (three as head of the Washington, D.C. office) of a global digital risk management firm, leading cybersecurity, incident response and digital compliance engagements for corporations and regulated entities. Author of The Cybersecurity Due Diligence Handbook.