Authors: P. Morrow, T. Fitzpatrick
Journal: 国际关系与外交:英文版
Publication date: 2020-06-28
Publication type: Journal Article
DOI: 10.17265/2328-2134/2020.06.001 (https://doi.org/10.17265/2328-2134/2020.06.001)
U.S. and International Legal Perspectives Affecting Cybersecurity Corporate Governance
International and U.S. corporations must be well advised regarding the specific regulations and laws that affect cybersecurity decisions, because the Board of Directors must perform due diligence to avoid regulatory negligence and lawsuit liability. Depending on the standards and regulations that define reasonable care, the corporate director faces the challenge of determining how and which cybersecurity laws apply. Then, directors can institute best cybersecurity management practices. This paper provides guidance on the application of the law in the area of cybersecurity for international corporations interacting with the European General Data Protection Regulations (GDPR), the California Consumer Privacy Act (CCPA), and recent Federal Trade Commission (FTC) administrative agency rulings. Reading this paper is worth your time because it will inform you of the legal challenges that international and domestic corporations face in making decisions about spending capital to manage cybersecurity while at the same time performing due diligence. In other words, if there is a cybersecurity breach, this paper will provide insights into what law the corporation must follow, enabling the best management decisions and assuring adequate response and compliance, thereby avoiding unnecessary liability risk. The paper also reflects on whether the GDPR serves as a better comprehensive legal regulatory model than the recently enacted laws in the U.S.