Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


Global cybersecurity still fractured but getting tougher

In-house counsel should be aware of the differing cybersecurity rules in different regions of the globe

Cybersecurity may be a top concern for legal counsel, but the shifting waters of global cybersecurity law are becoming increasingly difficult  to navigate. With recent changes in cybersecurity law across the globe, the cybersecurity legal realm is no longer as uniform as it once was, while rules are becoming tougher across the board.

Take, for instance, the differences between Europe, Asia and the U.S.  trial attorneys. Thomas Mahlum and Melissa Goodman of Robins, Kaplan, Miller & Ciresi L.L.P. wrote on InsideCounsel in August, the European Union (EU) has one completely codified set of rules for what counts as personally identifiable information (PII), with the EU Data Protection Directive and the Organization for Economic Cooperation and Development Guidelines. The Asian-Pacific Economic Cooperation, however, takes a less strict view of PII in the APEC Framework. The U.S., meanwhile, has a number of guidelines to abide by, including the Video Privacy Protection Act, the Cable Television Protection and Competition Act, the Children's Online Privacy Protection Act, and the Stored Communications Act.

“Businesses need to also adhere to the clearer guidelines on corporate data preservation duties developed as part of e-discovery’s emerging jurisprudence,” Mahlum and Goodman wrote. “Balancing these data-driven issues requires an understanding of the ever-evolving landscape of each competing concern.”

Now, even those laws may be changing. According to an article in the Wall Street Journal, both the EU and Japan are set to institute new privacy laws that tighten existing data breach legislation, much like the U.S. has done in recent years. In Japan, the government is targeting specifically financial firms, raising the penalty for not disclosing when an individual user’s data has been breached from 500 yen to 10,000 yen ($75) per user.  Olivier Piou, chief executive of data-security firm Gemalto, told the WSJ that 500 yen was simply “not enough of a deterrent.”

The EU, meanwhile, looks to institute widespread data breach notification rules. The discussion is in the early stages, and the proposed legislation is controversial due to its stringent nature — companies would be required to disclose any data breach within 24 hours. However, the fact that the EU is even having this discussion is noteworthy.

The way the litigation is going, in-house counsel should beware that the rules are only going to become stricter within the next couple of years. As Piou said, “In the next few years it will be an obligation, whether by law or reputation. Banks still hesitate to communicate a lot on their penetration and their events. Why? I think we are past the question of ‘should we do something,’ it’s ‘let’s do something.’”

Assistant Editor

author image

Zach Warren

Zach Warren is Assistant Editor of InsideCounsel magazine, where he oversees online content submissions and administers InsideCounsel's enewsletters. Zach specializes in new media and multimedia...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.