Partner in ‘Law360’ on Proposed Breach Report Law

BCLP Partner Christian Auty was quoted Nov. 24 by Law360 on the defense policy spending bill under consideration in the U.S. Senate, which includes a first-of-its-kind amendment that would require infrastructure operators and federal agencies to report attacks to the Cybersecurity and Infrastructure Security Agency within 72 hours. The proposal also would mandate that many businesses alert authorities within 24 hours of paying cybercriminals a ransom. Some members of Congress have softened on their initial call to require critical infrastructure companies to report attacks within 24 hours, a timeframe attorneys say can be too short to know crucial details. “I don’t care how good your incident response plan is; you don’t know very much in 24 hours,” said Christian, leader of BCLP’s U.S. Global Data Privacy & Security Team. “If you have a 24-hour notification backed by some sort of sanction, you are really inviting a sea of noise with very little or no signal at all.”