Our blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of

The European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR.

At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope.

These guidelines should help provide a common interpretation of

I hope you will join us on Thursday, May 7 from 6:00 pm – 9:00 pm for the “Triple Entente Beer Summit” at The Washington Firehouse (1626 North Capitol Street Northwest, Washington, DC).  This live recording of the three podcasts – Steptoe Cyberlaw Podcast, Lawfare Podcast, and Rational Security – will be your chance

Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy.

Those who see tort law as

Here we go again.  A prominent company suffers a data breach.  The company publicly alerts its customers.  The company almost immediately finds itself the subject of inquiries from Congress and the target of investigations by regulators.  Before long, class action lawyers will crank out complaints as if they’re Mad Libs, filling in the name of

In the aftermath of the TARGET breach announced last month, there has been much talk of how to respond to large-scale breaches of this type.  Lawmakers are eager to write legislation to increase the FTC’s enforcement powers and create a national breach notification standard.  But if the congressional response focuses entirely on breach notification and