Navigating Ambiguities in New Cyber Reporting Law
Data privacy attorneys Shardul Desai, Joel Roberson, Marissa Serafino and Hannah Coulter co-authored an article for Law360 discussing the new Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which requires covered entities to report a covered cyber incident to Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours after they reasonably believe a covered cyber incident has occurred. In this article, the authors cover key takeaways regarding cyber incident reporting requirements and protections for reporting entities and more.