Recent surveys by the Association of Corporate Counsel (ACC) consistently reveal that one of the top concerns for general counsel at private companies is cybersecurity. This concern is certainly well placed, given the steady stream of alarming incidents involving the security of sensitive data. As a result, corporate general counsel are increasingly hiring, or aware of the need for, an attorney who focuses on “cybersecurity.” But what does that specifically mean? What should be in that lawyer’s portfolio?
This is a question I have confronted in the past several years as I helped build the Office of the Chief Counsel at the new Cybersecurity and Infrastructure Security Agency (CISA). Our team of lawyers has a broad portfolio, including supporting responses to the most complex cyber incidents facing the country, negotiating complex technology agreements, developing legal and governance frameworks to address threats of emerging technologies and nation-states intent on compromising them, drafting legislation, and responding to audits and investigations. CISA, of course, is not a private company, but I hope my experience in building a cybersecurity practice for CISA will help…
