De La Lama in ‘Law360’ on Biden Administration’s Cybersecurity Order

Partner Amy de La Lama, chair of BCLP’s Global Data Privacy & Security Team, was quoted May 14 by Law360 on the Biden administration’s recent executive order requiring government agencies and the companies that contract with them to beef up cybersecurity and share more information about cyberthreats. The order also aims to create a national review board for major cyberattacks and a new labeling system to provide both the government and consumers with information on the security level of software programs. Requiring government contractors to notify federal officials about significant breaches has the potential to improve cybersecurity detection and mitigation efforts, although there are likely to be questions about the threshold for triggering the reporting obligation, what information contractors will be required to share, and what regulators and other officials will do with the data. “From a contractual standpoint, for example, it will be critical to develop terms that are balanced in way that encourages companies to report significant types of cyber incidents ... but aren't so restrictive that companies do not have sufficient time to investigate and understand the incident and/or are required to report an overwhelming type of incident,” she said.