Cybersecurity: A Practical Guide to the Law of Cyber Risk

Author(s): Edward R. McNicholas, Sidley Austin LLP, Vivek K. Mohan
Practice Area: Cybersecurity and data protection, Information privacy (Cybersecurity and data protection), Regulation and compliance (Cybersecurity and data protection)
Published: Aug 2015
Supplement Date: Nov 2020
ISBN: 9781402424106
PLI Item #: 133898

Cybersecurity: A Practical Guide to the Law of Cyber Risk, authored by 20 experts in the field, provides the practical steps that can be taken to help your clients understand and mitigate today’s cyber risk and to build the most resilient response capabilities possible.

The book provides a comprehensive discussion of the complex quilt of federal and state statutes, Executive Orders, regulations, contractual norms, and ambiguous tort duties that can apply to this crucial new area of the law. For example, it describes in detail:

  • The leading regulatory role the Federal Trade Commission has played, acting on its authority to regulate “unfair” or “deceptive” trade practices
  • The guidance issued by the SEC interpreting existing disclosure rules to require registrants to disclose cybersecurity risks under certain circumstances
  • The varying roles of other regulators in sector-specific regulation, such as healthcare, energy, and transportation
  • The impact of preexisting statutes, such as the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act, on current cybersecurity issues

In addition, the authors have supplemented these more traditional sources of law with industry practices and the most important sources of soft law:

  • An explanation of the National Institute of Standards and Technology (NIST) Cybersecurity Framework and information sharing environments from a former Department of Homeland Security official
  • The views of the U.S. Secret Service on partnering with federal law enforcement and effective information-sharing
  • The guidance of leading consultants about the appropriate steps to prepare for cybersecurity incidents
  • The perspective of a leading insurance company on the evolving role of insurance in protecting companies from the financial losses associated with a successful cyber breach
  • The views of one of the most sophisticated incident response organizations on the proper elements of effective incident response

Throughout, Cybersecurity: A Practical Guide to the Law of Cyber Risk includes practice tools developed during the hundreds of breaches that the authors have weathered with their clients. These valuable practice aids include checklists, an overview of the legal consequences of a breach, and a tabletop exercise.

Edward McNicholas is a co-leader of Ropes & Gray’s privacy & cybersecurity practice. He represents technologically sophisticated clients facing complex data, privacy, and cybersecurity issues. His clients include financial institutions, insurance companies, branded pharma companies, technology communications companies and select retailers.
Ed advises clients on the full range of federal, state and foreign privacy and data security requirements including in the areas of financial privacy, health care privacy, communications privacy, ad-tech, and national security. He also provides substantial advice to clients regarding privacy and data security issues that arise in connection with global internal investigations and trans-national litigation, dealing with such legal dilemmas as those posed by foreign data protection and “blocking” statutes. Ed’s counseling practice also includes other areas of technology law, such as electronic surveillance, cloud computing, the Internet of Things, trade secrets, online advertising, social media and big data/data science. 
In addition, Ed has significant experience with investigations and class action litigation related to cybersecurity incidents, as well as enforcement actions by the FTC, state Attorneys General, the SEC, OCR, Data Protection Authorities outside of the U.S., and other government agencies. He leads internal investigation and litigation matters that frequently involve complex, multi-jurisdictional, and multi-national litigation issues, particularly federal court jurisdictional and constitutional concerns related to the First and Fourth Amendments. Ed has experience dealing with Internet and information law matters involving online brand protection, trade secrets, social media, eCommerce, and national security issues.
Ed also maintains a robust pro bono practice. He frequently advises organizations that combat homelessness regarding complex constitutional issues at both the trial and appellate levels and before legislative bodies. He also regularly represents religious institutions on constitutional and other legal issues.
Ed previously served as an Associate Counsel to President Clinton. In that capacity, he advised senior White House staff regarding various Independent Counsel, congressional and grand jury investigations. Ed has developed unique experience representing clients in the midst of media-driven legal challenges. His crisis management skills are particularly useful in coordinating the swirl of complex litigation, congressional hearings, and federal and state investigations that can follow from major privacy and cybersecurity incidents.

Ed is a frequent commentator on privacy, data security, and information law issues and has written extensively on various information law and civil liberties topics for a variety of publications. He is an editorial advisor to Bloomberg BNA and served on its former Advisory Board for the BNA Privacy & Security Law Report.

Vivek K. Mohan is Privacy Counsel at Apple Inc., where he is responsible for privacy and security issues associated with Apple's products, services, and corporate infrastructure. Vivek joined Apple from the Privacy, Data Security, and Information Law group at Sidley Austin LLP, where he counseled clients in the technology, telecommunications, healthcare, and financial services sectors. Vivek is the co-editor and author of the PLI treatise "Cybersecurity: A Practical Guide to the Law of Cyber Risk," published in September 2015. Vivek has worked as an attorney at Microsoft, at the Internet Bureau of the New York State Attorney General (under a special appointment), and at General Electric's corporate headquarters (on secondment). For five years, Vivek was a resident fellow and later a non-resident associate with the Cybersecurity Project at the Harvard Kennedy School. Vivek holds a JD from Columbia Law School and a BA from the University of California, Berkeley.