Edward R. McNicholas

Publications

Books and Chapters

• “USA Law & Practice and Trends & Developments,” Chambers Global Practice Guide Cybersecurity 2022 (with Kevin Angle and Fran Faircloth) (2022)
• “U.S. Cybersecurity Laws and Regulations,” chapter in International Comparative Legal Guide - Cybersecurity 2022 (January 2022)
• “Cybersecurity 2021: USA,” Chambers Cybersecurity 2021 Global Practice Guide (with Kevin Angle and Fran Faircloth) (2021)
• Cybersecurity: A Practical Guide to the Law of Cyber Risk, PLI Treatise (lead general editor) (2015, 2016, 2018, 2019, 2020, 2021)
• “Privacy and Security,” Business and Commercial Litigation in Federal Courts, 3d Ed. (co-author of chapter on implications of privacy and data security laws for commercial litigation) (2011, 2017, 2020, 2021)
• Federal Trade Commission Enforcement of Privacy and Data Security, 500 Privacy & Data Security Practice Series, Bloomberg BNA (with Andrew Strenio and Clayton Northouse) (2014, 2018, 2020)
• Privacy and Security Issues in Cloud Computing, 520 Privacy & Data Security Practice Series, Bloomberg BNA (with William Long, Yuet Ming Tham, Mark Kaufmann and Colleen Brown) (2014, 2020)
• “U.S. Efforts to Change Leak Laws,” Whistleblowers, Leaks and the Media (2014)
• Health Information Privacy and Security, 505 Privacy & Data Security Practice Series, Bloomberg BNA (co-author with lead author Anna Spencer) (2014)
• “Autonomy: The Key Theory for Understanding the Evolution of US Privacy Law,” Privacy and Surveillance Legal Issues (2014)
• “Privacy And Security,” Successful Partnering Between Inside and Outside Counsel (co-author of a chapter on working together on privacy and security to achieve client objectives) (2013, 2017, 2020)
• “Information Security and Privacy: A Practical Guide for Global Executives, Lawyers and Technologists,” ABA Section of Science and Technology Law (contributor) (2011)

Recent Articles

• Co-author, “The SEC Awakens to Cybersecurity with the Zeal of a Convert,” New York Law Journal (May 8, 2023)
• Co-author, “Solving the Cybercrime Collective Action Problem,” New York Law Journal (March 6, 2023)
• Co-author, “Cybersecurity: Global Overview,” Cybersecurity 2023 (February 13, 2023)
• Co-author, “FDA updates guidance on cybersecurity responsibilities for medical device manufacturers,” Westlaw Today (May 23, 2022)
• Co-author, “Cybersecurity 2022,” Chambers Global Practice Guides (2022)
• Profiled, “This Week in Legal Blogging,” LexBlog (December 17, 2020)
• Co-author, “Pandemic-Related Privacy Bill May Be Unconstitutional” Law360 (May 14, 2020)
• Co-author, “Data Privacy Compliance Best Practices For Asset Managers,” Law360 (October 9, 2019) 
• “Hack Attack: Reducing the Risks of Stockholder Litigation Arising From Data Breaches,” Bloomberg BNA’s Corporate Law and Accountability Report (with Alex J. Kaplan, James Heyworth and Charlotte K. Newell) (2017)
• “Five Key Responsibilities of Boards in Managing Cybersecurity Risk,” Corporate Board Member magazine (with Clayton G. Northouse) (2017)
• “CFTC Issues Cybersecurity Rules on System Safeguards Testing Requirements,” Futures and Derivatives Law Report (co-author) (2016).
• “Considerations for Employers Collecting Health Information,” eHealth Law & Policy (with Anna Spencer) (June 6, 2016)
• “Broker-dealers need to respond to recent focus on cybersecurity threats,” Journal of Investment Compliance (with David S. Petron and Michael D. Wolk) (2014)
• “Cybersecurity Insurance to Mitigate Cyber-Risks and SEC Disclosure Obligations,” BNA’s Privacy & Security Law Report (August 19, 2013)
• “Standing to Challenge Statutory Violations of Privacy Laws After First American Finance Corporation v. Edwards," BNA’s Privacy & Security Law Report (with Jonathan Adams) (July 23, 2012)
• “Regulated Social Media: Practical Advice for Addressing Evolving Technologies in Regulated Industries,” BNA’s Privacy & Security Law Report (with Sabrina Ross) (June 14, 2010)
• “End of the Notice Paradigm?: FTC’s Proposed Sears Settlement Casts Doubt On the Sufficiency of Disclosures in Privacy Policies and User Agreements,” BNA’s Electronic Commerce & Law Report (with Alan Raul et al.) (July 15, 2009)
• “National Security Letters: Practical Advice For Understanding and Handling Exceptional Requests,” BNA Privacy & Security Law Report (March 30, 2009)
• “Competitive Privacy: Towards A New Area of Privacy Litigation?” IAPP Privacy Tracker (with Jennifer Tatel) (July/August 2008)

Quotations

• Quoted, “What Executives Should Take from Ex-Uber Security Chief Joe Sullivan’s Sentence,” Corporate Counsel (May 11, 2023)
• Quoted, “Meketa Struggles to Win Over Asset Mgr Holdouts in Diversity Survey,” FUNDfire (April 24, 2023)
• Quoted, “Americans Wary of Big Brother AI Watching in the Workplace,” The Wall Street Journal (April 20, 2023)
• Quoted, “Report Predicts $8 Trillion in Losses from Cyber Threats This Year,” Corporate Counsel (April 12, 2023)
• Quoted, “Lessons From the Multinational Takedown of Hive Ransomware: A Broad Impact,” Cybersecurity Law Report (February 15, 2023)
• Quoted, “Privacy Law Sparks New Litigation Wave Over Undisclosed Data Sharing,” The National Law Journal (February 10, 2023)
• Quoted, “Cyber Secrecy Timing Out,” ESG Investor (February 1, 2023)
• Quoted, “The 6 Most Common Cyberattacks That Could Impact Companies in 2023,” Forbes (January 2, 2023)
• Quoted, “SEC Cyber Rules: How to Prepare for the New 8-K Incident Mandate,” Cybersecurity Law Report (August 10, 2022)
• Quoted, “Playing By The (SEC) Book,” Strategic CIO 360 (July 8, 2022)
• Quoted, “Hot Market for Cyber Insurance Begins to Stabilize,” The Wall Street Journal (November 15, 2022)
• Quoted, “SEC Proposal May Add Cybersecurity to the ESG Mix,” Financial Times Ignites (March 10, 2022)
• Quoted, “New Board Duties in SEC Cybersecurity Rule Proposal,” BoardIQ (February 15, 2022)
• Quoted, “SEC Floats Cybersecurity Rule for Funds,” Financial Times Ignites (February 10, 2022)
• Quoted, “Imposters Steal Manager Names for Fake Emails, Webpages,” Financial Times FundFire (February 9, 2022) 
• Quoted, “Arizona Bill Would Ban Taxpayer-Funded Ransomware Payments,” Global Data Review (January 13, 2022)
• Quoted, “Cybersecurity & Privacy Policy To Watch In 2022,” Law360 (January 3, 2022)
• Quoted, “The Biggest Privacy Developments Of 2021,” Law360 (December 21, 2021)
• Quoted, “US makes ransomware a top national security priority,” Global Data Review (November 18, 2021)
• Quoted, “NIST’s New IoT Standard: Inspiring a Wave of New Device Security Guidance,” The Cybersecurity Law Report (March 11, 2020)
• Quoted, “NIST’s New IoT Standard: Boosting Security As States Launch Laws,” The Cybersecurity Law Report (March 4, 2020)
• Quoted, “4 Considerations For Landlords Amid Rise Of Co-Working,” Law360 (February 12, 2020)
• Quoted, “California’s privacy law arrives to confusion and costs for businesses,” Financial Times (January 1, 2020)
• Quoted, “US retirement accounts offer tempting target for cyber attacks,” Financial Times (October 30, 2019)
• Quoted, “Kreutzer’s Take: Bracing for California’s New Data Privacy Law,” WSJ Pro Private Equity (September 23, 2019)
• Quoted, “Deep Dive: Prepare to do battle with data privacy,” Private Funds CFO (July 8, 2019) 

Presentations

• Presenter, “Key Data Laws of Asia,” Privacy & Security Forum Spring Academy (March 24, 2022)
• Speaker, “Acquisitions of Technology Companies,” Association of Corporate Counsel, Northeast Chapter (February 8, 2022)
• Presenter, “The Biden Approach to Privacy and Cybersecurity,” NY Chapter of the Association of Corporate Counsel (May 13, 2021)
• Moderator, “Data Ethics & Emerging Technology,” Securities Industry and Financial Markets Association (May 13, 2021)
• Presenter, “Incident Response – State of Play,” Cybersecurity Docket Incident Response Forum Masterclass 2021 (April 8, 2021)
• Speaker, “Understanding Potential Cybersecurity Risks and the Paths to Compliance in the U.S.,” The Legal 500 (March 9, 2021)  
• Presenter, “U.S. Privacy Law Update: Key Developments From the Past Year and What to Expect in 2021,” NY Chapter of the Association of Corporate Counsel (December 10, 2020)
• “International Aspects of Privacy Protection and Enforcement,” Berkeley Center for Law & Technology Privacy Law Forum (October 9, 2020)
• “Evaluation of Key Privacy Risks for Mid-Market Companies,” Ropes & Gray Webinar (October 6, 2020)
• “Litigation Under the CCPA,” Ropes & Gray Webinar (September 22, 2020)
• “Updates on California Privacy Laws,” Ropes & Gray Webinar (September 15, 2020)
• “The Future of State Privacy Law,” Event for the New York Chapter of the ACC (June 30, 2020)
• “From Innovation to Solutions: Building Strategic Partnership in an Evolving Digital Health Landscape,” Ropes & Gray Digital Health Forum (September 18, 2019) 
• “Chinese Cybersecurity Law,” Privacy+Security Forum (October 4, 2018, Washington, DC)
• “Improving the Transatlantic Privacy Relationship,” (September 25, 2018, Washington, DC)
• “Getting Ready for the California Consumer Privacy Act of 2018” (September 6, 2018, Washington, DC)
• 2nd Annual Patient Support Services Compliance Summit (Integrate 2018) (July 23-25, 2018, Philadelphia, PA)
• “European Public Policy Trends Legal Panel,” 2nd Annual API-IOGP Cybersecurity Europe Conference for the Oil and Natural Gas Industry (June 28, 2018, London, UK)
• “Chinese Cybersecurity Challenges,” American Chemistry Counsel (June 27, 2018)
• “U.S. Privacy and Cybersecurity Update,” DP Legal (June 26, 2018, Copenhagen, Denmark)
• “Cybersecurity In Europe – What Do the New Laws Mean for You?”, Georgetown Cybersecurity Institute (May 24, 2018, Washington, DC)
• “Privacy & Cybersecurity Issues for Human Augmentics,” University of Illinois at Chicago, (April 12, 2018, Chicago, IL)
• “Emerging Compliance Topics: China’s Cybersecurity Law,” Loyola University Chicago School of Law (March 20, 2018, Chicago, IL)
• “Privacy & Cybersecurity Outlook for 2018,” CLEs (January 19-20, 2018, San Jose, CA)
• “Critical Issues in Cybersecurity,” IAA’s 2017 Investment Adviser Compliance Conference (March 2, 2017)
• “Will the Surveillance State Doom Transatlantic Data Transfer? The Future of the U.S. – EU Privacy Shield Agreement,” New York City Bar Association presentation (February 28, 2017)
• “Preparing for a Cybersecurity Event,” Association of Corporate Counsel In-house Counsel Conference (Universal City, CA, January 17, 2017)
• “Cybersecurity: Considerations for Legal and Compliance,” SIFMA Compliance and Legal Society Annual Seminar (Orlando, FL, March 14, 2016)
• “Cybersecurity Roundtable,” Credit Suisse Prime Services Leadership Conference (Orlando, FL, March 10, 2016)
• “Hot Topics in Data Privacy for Pharmaceutical Manufacturers,” DP Legal US Annual Meeting (Indianapolis, IL, November 18, 2015)
• “Cybersecurity Policy: The Role of the Government,” Privacy + Security Forum (Washington D.C., Oct. 22–23, 2015)
• Privacy, Data, and Information Security, The Conference Board (Washington, D.C., October 15, 2015)
• “Cybersecurity,” 15th Annual LICONY Legislative & Regulatory Conference (Cooperstown, NY, October 7–9, 2015)
• “Cybersecurity & Data Privacy”, OFII (Washington, D.C., October 2, 2015)
• “FTC Calling? How to Navigate a Data Security Investigation Before, During and After,” IAPP Privacy. Security. Risk. Conference /CSA Congress (Las Vegas, NV, September 30, 2015)
• “Data Breach Class Cases,” DRI Class Action Seminar (Washington, D.C., July 23–24, 2015)
• “Cybersecurity Process & Practice for Asset Managers,” Regulatory Compliance Association (Webinar, July 23, 2015)
• “Cybersecurity Concerns for Senior Managers and Boards of Directors,” Investment Company Institute (London, UK, July 14, 2015)
• “Cybersecurity: How Not to Make the Evening News,” Futures Industry Association Law & Compliance Conference (Washington, D.C., June 22, 2015)
• “Cybersecurity Regulation and Preparedness: Focusing on the Insurance Sector,” Insurance Cybersecurity and Privacy Roundtable (New York, NY, June 1, 2015)
• “Cybersecurity for Financial Services,” IA Watch Conference (Washington, D.C., May 20, 2015)
• “Cybersecurity for the Insurance Industry,” ALIC Conference (Breakers, FL, May 18, 2015)
• “The Legal Pitfalls of Failing to Develop Secure Cloud Services,” RSA Conference (San Francisco, CA, April 23, 2015)
• “Cyber-risk Oversight: Emerging Trends and Considerations for Directors,” NACD Advisory Councils (Washington, D.C., March 31, 2015)
• “Cybersecurity: Practical Considerations for Legal and Compliance,” SIFMA Compliance & Legal Society 2015 Annual Seminar (Phoenix, AZ, March 16, 2015)
• “The Stakes Are Going Up: Hacking and the New Paradigm of Data Breaches” (ACA Webcast, March 12, 2015)
• “Commerce and Competition in the Internet Age,” Center for American Progress Panel for the German Industry and Trade Representation (Washington, D.C., January 27, 2015)
• “Cyber Incident Investigations,” EEI Conference on Cybersecurity Law for Utilities (New York, NY, October 24, 2014)
• “Cybersecurity: New Privacy Laws and New Threats From Organized Crime and Nation States,” ABA 3rd Intl. White Collar Crime Institute (London, UK, October 14, 2014)
• “Cybersecurity: Trends, Incident Response, Remediation and Disclosures,” ACA Fall Compliance Conference (San Diego, CA, October 9, 2014)
• “Cybersecurity, Data Protection and Privacy,” OFII General Counsel Conference (Washington, D.C., September 18, 2014)
• “Cyber Security – What You Need to Know,” SIFMA Compliance and Legal Society Annual Seminar (Orlando, FL, April 2014)
• “Cybersecurity: Managing Risk Around New Data Threats,” Ethisphere (Webinar, January 2014)
• “An International Perspective on Health Care Privacy and Security,” Presentation at the American Conference Institute 3rd Annual Health Care Privacy and Security Forum (New York, NY, May 23, 2013)
• “At the Ready: Preparing U.S. Organizations for the Proposed EU Regulation,” IAPP Global Privacy Summit (Washington, D.C., March 8, 2013)
• “Cellular Phones and Mobile Privacy,” Information Society Project at Yale Law School, Location Tracking and Biometrics Conference (New Haven, CT, March 3, 2013)
• “Cloud Computing: Understanding and Mitigating the Risks, Utilizing the Latest Security Controls and Ensuring Protection ‘In the Cloud’,” Conference on the Privacy and Security of Consumer and Employee Information (San Francisco, CA, July 2012)
• “Toward a Safe Harbor for the Cloud,” iTech Law European Conference (Rome, Italy, October 2012)
• “Privacy in a Time of Change,” Twin Cities Privacy Retreat (St. Paul, MN, January 15, 2009)
• “Minimizing the Weight of Regulation,” Security Standard Conference (Chicago, IL, September 2007)
• “Why Privacy Matters — Protecting Your Reputation, Practice and Clients,” AICPA National Conference on Fraud and Litigation Services (Las Vegas, NV, September 2006)
• “Privacy: The Importance of Getting It Right,” 2006 CSO Perspectives Conference (Orange County, CA, March 2006)