In the absence of federal cybersecurity and data privacy laws, companies have to look to other sources of guidance, including industry standards, and state laws.  The National Institute of Standards and Technology (“NIST”) has sought to fill some of the large gaps on the issue of cybersecurity.  Enforcement agencies often cite the NIST Framework as an important barometer of an organization’s commitment to cybersecurity risks...