Share these talks and lectures with your colleaguesInvite colleagues
Managing the hypercomplexity of cyber security regulation: In search of a regulatory Rosetta Stone
It is an understatement to say that the legal issues arising from privacy and information security concerns are complex. Indeed, the way that laws from various jurisdictions and industry sectors interact and even conflict make the legal issues in this space hypercomplex: more complex because of their very own complexity. Fortunately, a common regulatory language is beginning to coalesce, and organisations can position themselves within this ‘sweet spot’ of regulatory focus. By engaging in robust and honest risk assessments, by adopting an established security framework, and by including regulatory risk in its risk management and budgeting efforts, an organisation can adapt to the changing regulatory landscape and lessen the burden that this hypercomplexity creates.
The full article is available to institutions that have subscribed to the journal.
F. Paul Greene is a partner and the Privacy & Data Security Practice Group Leader at Harter Secrest & Emery LLP. Paul represents clients in a wide range of industries concerning all aspects of proactive preparation and risk management, including security and vulnerability assessments, policy and procedure review, breach response planning and drills, as well as board and management education on cyber risk and privacy issues. Post-breach, Paul and his team provide a full array of reactive services, including breach coaching and response, crisis management and communication, internal and governmental investigations, breach notification and potential litigation or regulatory action including under the EU’s General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA) and the upcoming California Consumer Privacy Act (CCPA). Paul is a Certified Information Privacy Professional/ United States (CIPP/US) recognised by the International Association of Privacy Professionals (IAPP) and is a Distinguished Fellow of the Ponemon Institute. He has also been recognised by Chambers USA: America’s Leading Lawyers in Business since 2015 for his strong reputation and knowledge, especially in the field of complex commercial litigation. He publishes and speaks internationally on privacy and information security issues and is an adjunct professor at the Rochester Institute of Technology, teaching information security policy and law to computer science and cyber security students, both on the graduate and undergraduate levels. Paul received his JD from Fordham University, his PhD from New York University and his BA from the University of Rochester.