Cybersecurity law is a patchwork of global statutes and regulations.  Unfortunately, Congress has failed to act in this area, leaving the EU and US States to “lead.”  As a result, companies are often required to follow the lowest (or highest) common denominator, depending on your perspective. At the US federal level, we have specific industries that have requirements for protecting sensitive personal information.  The Health...