About the Cybersecurity Law Center

The IAPP has long recognized the strong link between privacy and data security. Now more than ever, we see the complex field of cybersecurity law and policy becoming a distinct discipline integral to organizations' legal compliance, data governance and risk mitigation strategies.

As the sophistication and impact of cyberattacks increase, federal and state policymakers, regulators and judges are redefining reasonable security. Federal and state cybersecurity statutes, class-action lawsuits, insurance requirements, national security controls on data and technology, criminal laws, and regulatory enforcement actions are stacking up. As a result, lawyers, privacy professionals and those responsible for cybersecurity policy increasingly need a way to engage with each other about organizational compliance with this rising tide of requirements and expectations.

To address the need for deeper understanding and wider engagement, the IAPP Cybersecurity Law Center provides networking, education, resources and workshop opportunities for lawyers and nonlawyers alike. We welcome your participation as we build out our offerings on breach notices, product liability, cybersecurity standards — what is "reasonable" cybersecurity — governmental access to data, U.S. Securities and Exchange Commission and other public disclosure rules, ransomware response, and national security limits on data transfers.

 

Cybersecurity Law Center Managing Director

Jim Dempsey is the managing director of the IAPP's Cybersecurity Law Center. In that role, he serves as a thought leader and public voice for the IAPP on cybersecurity law, providing strategic direction on and contributing to, the development of practical, relevant and timely research and other content to keep IAPP members informed of and engaged in critical cybersecurity law developments. On behalf of the IAPP, he engages with senior industry stakeholders, policymakers, academics and civil society leaders, connecting them with IAPP leadership and teams. Read more.

To learn more about the launch of the IAPP's Cybersecurity Law Center and broader work on digital governance, view the press release below.

Cybersecurity Law Center Press Release

 

Check out our cybersecurity law resources

Cybersecurity Law Fundamentals, Second Edition

Fully revised to reflect the remarkable changes in U.S. cybersecurity law in recent years, the Second Edition of "Cybersecurity Law Fundamentals" is both a primer and a reference volume. It not only serves cybersecurity practitioners looking for a quick refresher or citation, but also guides generalists and newcomers to the field, including general counsel who need a basic understanding of the regulatory requirements and legal risk companies face, policymakers interested in understanding the gaps in the law and filling them, attorneys seeking to transition their careers to a rapidly growing practice area, and students preparing for careers in this exciting arena. Book available here.

Podcast: Top trends in cybersecurity

Cybersecurity law is rapidly evolving to meet the needs of an increasingly digitized and complex economy. IAPP Editorial Director Jedidiah Bracy recently spoke with "Cybersecurity Law Fundamentals, Second Edition" co-authors Jim Dempsey and John Carlin about the latest trends in cybersecurity. Listen to the podcast.

 

Article: Major trends in US cybersecurity law and policy

“The obligation of data custodians to protect the confidentiality, integrity and availability of the personal information they hold is becoming increasingly complex with its own, sometimes overlapping and, sometimes conflicting, body of rules,” James Dempsey and John Carlin wrote in an article. The two explore key trends emerging in U.S. cybersecurity law, which they said, “is emerging as its own discipline.” Read more.