Jim Dempsey is a lecturer at the UC Berkeley Law School and a senior policy advisor at the Stanford Cyber Policy Center. From 2012-2017, he served as a part-time member of the Privacy and Civil Liberties Oversight Board. He is the author of Cybersecurity Law Fundamentals (IAPP, 2021).
Subscribe to this Lawfare contributor via RSS.
As government policy moves toward more binding rules for cybersecurity, how should they be enforced? Self-assessment and self-certification are not likely to suffice.
The Biden administration’s cybersecurity strategy calls for placing responsibility for buggy software on those best positioned to reduce risk. It’s high time, but it won’t be easy.
Legislation granting the FDA express regulatory authority over the cybersecurity of medical devices points the way to incremental improvements in other sectors and products.
A closer look at the TSA’s cybersecurity directive for pipelines casts doubt on the applicability of “performance-based” regulation to cybersecurity. For now, policymakers have to combine management-based controls and technology-specific prescriptions.
The federal privacy bill currently being considered by the House of Representatives would be a huge improvement over the current state of law with respect to the cybersecurity of personal information, but a few key areas need adjustment.
What is the FTC’s Advance Notice of Proposed Rulemaking on commercial surveillance and data security, and what issues does it raise?
Legislation moving through Congress on medical devices suggests broader lessons for how to improve the cybersecurity of essential products and critical infrastructure. The bill’s proposed system of regulation and oversight holds promise for meeting the competing criteria of certainty and flexibility, stability and adaptability, mandate and innovation.