Insights
Cyber Incident Reporting for Critical Infrastructure Act, in ‘Privacy & Cybersecurity Law Report’
Oct 19, 2022Summary
Global Data Privacy & Security Chair Amy de la Lama, Counsel Lori Van Auken and Associate Gabrielle Harwell authored an article published in the October edition of Privacy & Cybersecurity Law Report concerning cyber incident reporting for the Critical Infrastructure Act. The article outlines what critical infrastructure entities need to know about the new reporting rules under the Cyber Incident Reporting for Critical Infrastructure Act – now and in the future.
“The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a new federal law, adopted in March that requires critical infrastructure entities to report certain cybersecurity incidents and ransom payments to the Cybersecurity and Infrastructure Security Agency (CISA) within a matter of hours,” they wrote. “Although CIRCIA garnered significant fanfare at the time it was signed into law, many details remain to be hashed out by implementing regulations, which could take years to finalize. Covered entities, however, should take no comfort in this delay. CIRCIA provides remarkably detailed guidance concerning the scope of these regulations, putting covered entities on clear notice of their future obligations and the consequences of failing to comply.”
Read the article here.
Related Practice Areas
-
Data Privacy & Security
