The Association of Corporate Counsel Foundation (ACC) released a State of Cybersecurity report on December 9, 2015. Ballard Spahr was the only law firm that served on the advisory board for the study and helped to formulate the survey questions. The report provides valuable insights on cybersecurity issues from more than 1,000 corporate lawyers at 887 organizations worldwide—most of whom hold the position of General Counsel or Chief Legal Officer.
We have previously observed that banks and other companies subject to the CFPB’s jurisdiction face the possibility that the CFPB could begin using its authority under Sections 1031 and 1036 of the Dodd-Frank Act (which proscribe unfair, deceptive or abusive acts or practices) to regulate cybersecurity policies and procedures. The ACC report can be used by in-house lawyers to assess whether their companies are devoting appropriate time and resources to cybersecurity. A company whose cybersecurity practices did not align with companies of a similar size in the same industry might be at greater risk of a UDAAP challenge if the CFPB were to scrutinize its cybersecurity policies and procedures.
For more on the report, see our legal alert. On January 12, 2016, Ballard Spahr will hold a webinar, “Lessons Learned: Best Practices for In-House Counsel from the ACC Cybersecurity Report,” from 12:00 p.m. to 1:00 p.m. ET. A link to register is available here.