USA: +1(669)289-8683 
Sign in
We have discussed at length the actors (shareholders, directors, FTC staff, SEC staff, breach victims, the press, plaintiff’s lawyers, hackers (black hat and white hat)) who by various means influence how data holders consider and act on cybersecurity efforts within their businesses. We have also discussed at length the different standards that govern how much care some of these actors must take — is the data holder acting “reasonably”?; are directors fulfilling their fiduciary duties?; is the government doing its job?; are breach victims taking due care?
please give me your views on the following 3 issues:
Please describe the standard (or standards) you think should be adopted to describe the cybersecurity obligation of data holders, including the people who are in charge of the data holders. Please explain what the standard(s) you choose mean(s) in a way understandable to a data holder.
Please describe which of the various actors we have discussed (or others) do you think we should depend on to enforce the standard(s) and how should the enforcement be accomplished.
- Please discuss what cybersecurity obligations, if any, you think data subjects should have and how — if at all — any such obligation should affect a data holder’s cybersecurity obligation.
- Please be sure to address the tradeoffs you are making in your responses.
