Stuart M. Gerson, Member of the Firm in the Litigation and Health Care & Life Sciences practices, in the firm’s Washington, DC, and New York offices, was quoted in Inside Cybersecurity, in “Mueller Report Prompts Renewed Calls from Privacy Advocates for Security ‘Incentives,’” by Mariam Baksh. (Read the full version – subscription required.)

Following is an excerpt:

Privacy advocates are citing last week’s release of the Mueller report as the latest example of a lack of incentives for protecting data, while the policy implications of the report remain uncertain as the federal government struggles with whether and how to regulate cybersecurity. …

A Trump administration proposal for governing data privacy and security has identified the Federal Trade Commission as the lead regulatory agency for protecting consumer data. Advocates for such plans are calling for new FTC authority in issuing rules and fines to more clearly define private-sector expectations for protecting data from threats foreign and domestic.

But some stakeholders are pushing back, arguing the administration appears “schizophrenic” in its approach to data security and privacy.

While declining to comment directly on the Mueller report, Stuart Gerson of the law firm Epstein, Becker and Green, said the push for a punitive approach by giving the FTC to more power goes against efforts by the Department of Justice to have companies share information voluntarily with the government to thwart nation-state aggressors. That dichotomy in views was on display, Gerson said, at a recent event at the American Enterprise Institute where Peter Winn, DOJ’s director of the Office of Privacy and Civil Liberties and Republican FTC Commissioner Christine Wilson spoke.

“The comments of Pete Winn, understood national security interests and weren’t nearly the same as Commissioner Wilson’s,” Gerson said. “Everybody was very cordial about the whole thing, but the approach of DOJ is very different from that of the FTC. So when I talk about schizophrenia, that’s one example of it.”

Gerson said the Cybersecurity Act of 2015, or CISA, did not do enough to provide liability protections for companies who share information on threats and vulnerabilities with the government.

“The CISA law doesn’t address a whole lot of things,” he told Inside Cybersecurity. “It doesn’t deal with ultimate liability concerns. It deals with some but not all, and certainly the reaction in the private sector is that it didn’t do anywhere near enough to create the trust relationships that ought to be required.”

Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.