Skip to main content

Cybersecurity: A Practical Guide to the Law of Cyber Risk

Author(s): Edward R. McNicholas, Sidley Austin LLP, Vivek K. Mohan
Practice Area: Cybersecurity and data protection, Information privacy (Cybersecurity and data protection), Regulation and compliance (Cybersecurity and data protection)
Published: Aug 2015
Supplement Date: Nov 2020 i Other versions can be found in the Related Items tab.
ISBN: 9781402424106
PLI Item #: 133898

Cybersecurity: A Practical Guide to the Law of Cyber Risk provides the practical steps that can be taken to help your clients understand and mitigate today’s cyber risk and to build the most resilient response capabilities possible.

The book provides a comprehensive discussion of the complex quilt of federal and state statutes, Executive Orders, regulations, contractual norms, and ambiguous tort duties that can apply to this crucial new area of the law. For example, it describes in detail:

  • The leading regulatory role the Federal Trade Commission has played, acting on its authority to regulate “unfair” or “deceptive” trade practices
  • The guidance issued by the SEC interpreting existing disclosure rules to require registrants to disclose cybersecurity risks under certain circumstances
  • The varying roles of other regulators in sector-specific regulation, such as healthcare, energy, and transportation
  • The impact of preexisting statutes, such as the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act, on current cybersecurity issues

In addition, the authors have supplemented these more traditional sources of law with industry practices and the most important sources of soft law:

  • An explanation of the National Institute of Standards and Technology (NIST) Cybersecurity Framework and information sharing environments from a former Department of Homeland Security official
  • The views of the U.S. Secret Service on partnering with federal law enforcement and effective information-sharing
  • The guidance of leading consultants about the appropriate steps to prepare for cybersecurity incidents
  • The perspective of a leading insurance company on the evolving role of insurance in protecting companies from the financial losses associated with a successful cyber breach
  • The views of one of the most sophisticated incident response organizations on the proper elements of effective incident response
Throughout, Cybersecurity: A Practical Guide to the Law of Cyber Risk includes practice tools developed during the hundreds of breaches that the authors have weathered with their clients. These valuable practice aids include checklists, an overview of the legal consequences of a breach, and a tabletop exercise.
Please click here to view the latest update information for this title: Last Update Information

EDWARD MCNICHOLAS, a co-leader of Sidley’s Privacy, Data Security, and Information Law practice, represents technologically-sophisticated clients facing complex cybersecurity, information technology, privacy and related constitutional issues. Recognized by the National Law Journal as a “Cybersecurity & Data Privacy Trailblazer,” Ed spearheads Sidley’s cybercrime focus and has significant experience with litigation and counseling matters involving privacy and data protection, electronic surveillance, cloud computing, the Internet of Things, trade secrets, online advertising, social media, big data/data science and national security.  Among his other writing, he is the lead editor and co-author of the recently updated legal treatise, Cybersecurity: A Practical Guide to the Law of Cyber Risk.

Ed is frequently recognized as a leader in his field. He has been commended by The Legal 500 US for his “deep knowledge of privacy and information security,” and Chambers USA has included Ed in its rankings of the country’s Leading Lawyers since 2008 and notes that he “impresses sources with his outstanding knowledge and responsive service . . . handling complex privacy matters in his trial and appellate practice.” The 2015 edition of Chambers USA recognized Ed as a lawyer who “can help you to put any issue quickly into context” and who has substantial experience in investigations and contentious matters. Chambers Global has recognized the global reach of Ed’s data protection practice since 2011. 

Prior to joining Sidley, Ed served as an Associate Counsel to President Clinton. In that capacity, he advised senior White House staff regarding various Independent Counsel, congressional and grand jury investigations.

Ed received his JD (cum laude; Harvard Law Review editor) from Harvard Law School and his AB (summa cum laude, Woodrow Wilson School Thesis Prize) from Princeton University. He clerked for the honorable Paul Niemeyer on the US Court of Appeals for the Fourth Circuit.

Privacy Counsel at Apple Inc., where he is responsible for privacy and security issues associated with Apple's products, services, and corporate infrastructure. Vivek joined Apple from the Privacy, Data Security, and Information Law group at Sidley Austin LLP, where he counseled clients in the technology, telecommunications, healthcare, and financial services sectors. Vivek is the co-editor and author of the PLI treatise "Cybersecurity: A Practical Guide to the Law of Cyber Risk," published in September 2015. Vivek has worked as an attorney at Microsoft, at the Internet Bureau of the New York State Attorney General (under a special appointment), and at General Electric's corporate headquarters (on secondment). For five years, Vivek was a resident fellow and later a non-resident associate with the Cybersecurity Project at the Harvard Kennedy School. Vivek holds a JD from Columbia Law School and a BA from the University of California, Berkeley.