Cyberlaw Book Resources – Chapter 31

Chapter 31 resources for the Cyberlaw book

By John Bandler

This page has resources specific for this chapter.

Looking to navigate to another place?

• Cyberlaw Book Resources (main resources page)
• Cyberlaw main book page
• Udemy course on cyberlaw
• Previous chapter
• Next chapter

Chapter 31 Cybersecurity and Data Protection Laws

This chapter discusses cybersecurity and data protection laws, one type of "data law". Some of these cybersecurity laws are to protect consumer data held by organizations, to protect that consumer privacy right. Some of these cybersecurity laws are to ensure an organization within a regulated industry is resilient from cyberattacks. Some of these laws even recognize that company valuation is affected by cybersecurity and cybersecurity related disclosures (see the SolarWinds case).

Chapter references, resources, and additional reading

• Chapter 31 resources, https://johnbandler.com/cyberlawbook-resources-ch31/  (this page)
• New York Cybersecurity Requirements and the SHIELD Act, https://johnbandler.com/new-york-cybersecurity-requirements-and-the-shield-act
• SolarWinds breach and the 2023 SEC lawsuit (case summary page), https://johnbandler.com/solarwinds-breach-and-2023-sec-lawsuit
• Cybersecurity Laws and Regulations 1, https://johnbandler.com/cybersecurity-laws-and-regulations-1/
• NY GBL § 899-bb Data security protections, https://www.nysenate.gov/legislation/laws/GBS/899-BB
• NY DFS Rule 500, Cybersecurity Requirements for Financial Services Companies, 23 NYCRR Part 500, https://www.law.cornell.edu/regulations/new-york/title-23/chapter-I/part-500
  • NY DFS Cybersecurity Resource Center, https://www.dfs.ny.gov/industry_guidance/cybersecurity
• NCSL, Data Security Laws, Private Sector, https://www.ncsl.org/research/telecommunications-and-information-technology/data-security-laws.aspx
• HIPAA security rule, 45 CFR Subpart C, Security Standards for the Protection of Electronic Protected Health Information, https://www.law.cornell.edu/cfr/text/45/part-164/subpart-C
• GLBA, 15 U.S. Code Chapter 94, Privacy, https://www.law.cornell.edu/uscode/text/15/chapter-94
• GLBA Safeguards Rule: 16 CFR Part 314, Standards for Safeguarding Customer Information, https://www.law.cornell.edu/cfr/text/16/part-314
• FFIEC website https://www.ffiec.gov/
  • FFIEC IT Examination Handbook, https://ithandbook.ffiec.gov/
• SEC on SOX, https://www.investor.gov/introduction-investing/investing-basics/role-sec/laws-govern-securities-industry#sox2002
• The Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, https://www.law.cornell.edu/uscode/text/20/1232g
• FERPA regulations, 34 CFR Part 99, Family Educational Rights and Privacy, https://www.law.cornell.edu/cfr/text/34/part-99
• US Department of Education FERPA webpage, https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
• The Federal Information Security Management Act (FISMA), https://www.cisa.gov/federal-information-security-modernization-act
  • https://www.congress.gov/bill/113th-congress/senate-bill/2521
• The White House, Executive Order on Improving the Nation’s Cybersecurity, May 12, 2021, https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
  • The White House, Fact Sheet: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks,  https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/

Chapter questions

• What is John Bandler's three word summary of cybersecurity laws and regulations?
• What do you think of this summary and why? (As always, do not consult external resources to figure out what you think)
• How is a cybersecurity framework different from a cybersecurity law? Give an example of each.
• Which came first, cybersecurity frameworks or cybersecurity laws? Explain.
• Name NY’s general cybersecurity law and provide a citation and link to it.
• Name NY’s cybersecurity regulation for the financial sector and provide a citation and link to it.
• Is there a federal law that could be applied generally to cybersecurity? If so, name it and explain.
• Is there a federal law that is sector specific and requires cybersecurity? If so name them and what sectors it applies to.
• Is secure data disposal a part of a good cybersecurity program? Explain.

Links and information

• The book: Cyberlaw: Law for Digital Spaces and Information Systems, by John Bandler
• Cyberlaw Book Resources (main resources page)
• Cyberlaw book FAQ
• Cyberlaw main book page
• Amazon - John's Author page
• Udemy online course on cyberlaw (other online courses too)
• Services
  • Cybersecurity Services

This page is hosted at https://johnbandler.com/cyberlawbook-resources-ch31, copyright John Bandler, all rights reserved.