In this episode, Brian Hengesbaugh, Global Chair of Data Privacy and Security, is joined by Stephen Reynolds, partner in Chicago, as they discuss the Strengthening American Cybersecurity Act, a law recently signed by President Biden, which requires key businesses to report certain ransomware incidents to the Cybersecurity and Infrastructure Security Agency (CISA). Listen in to hear about:

  • An overview of the new law, including key elements such as mandatory reporting requirements, timelines and which “critical infrastructure” sectors are affected by the legislation
  • How the scope and ambiguity of the new law impacts organizations and complicates the response process effort
  • What to expect in terms of engaging with CISA and how to preserve privilege applying to such communications
  • How to manage and coordinate the new reporting mandates with existing incident reporting obligations
  • Suggested action items to help companies address top-of-mind concerns and challenges they encounter as ransomware continues to be a prevalent threat

Want to Learn More?
Stay tuned for more podcasts and subscribe to the Connect On Tech Blog at

Subscribe on your player of choice: Apple | Android | Spotify

Brian provides advice on global data privacy, data protection, cybersecurity, digital media, direct marketing information management, and other legal and regulatory issues. He is Chair of Baker McKenzie's Global Data Privacy and Security group.


Stephen Reynolds frequently advises clients on complex matters involving data privacy and security laws and serves on the board of directors of the International Association of Privacy Professionals (IAPP). Stephen’s expertise adds value to organizations by mitigating cyber threats through proactive preventative measures and navigating complex litigation on behalf of clients in data privacy and security. He is uniquely able to and routinely uses his computer background in cases involving data privacy and security, electronic discovery, social media discovery, and computer forensics.