The Authors The authors are all attorneys with the Kennedys law firm (kennedyslaw.com). Joshua Mooney (joshua.mooney@kennedyslaw) and Judy Selby (judy.selby@kennedyslaw.com) are partners. Tracey Kline (tracey.kline@kennedyslaw.com) and Alexis Childs (alexis.childs@kennedyslaw.com) are associates. Bridget Mead, associate, and Javier Vijil, senior associate, also contributed to this article. Judy Selby is also a member of the Editorial Board of Advisors for the Journal on Emerging Issues in Litigation. Cybersecurity and Data Privacy 2021 in Review By Joshua Mooney, Judy Selby, Tracey Kline, and Alexis Childs Abstract: As the world emerged from lockdown, it should come as no surprise that cybersecurity and data privacy remained dominant topics in the media and legal industry. Some of 2021 was much like 2020—ransomware attacks continued to fill the headlines, and in the aggregate, constituted significant loss paid under cyber insurance policies. OFAC reminded victim companies and incident response firms (and cyber carriers) that it remains unlawful to pay ransom payments to designated organizations. Comprehensive federal legislation addressing cyber defenses and notification requirements never materialized. Yet in 2021, we saw new and significant developments. U.S. law continued its drift toward comprehensive privacy regulation with two new significant pieces of privacy legislation and California’s enforcement of the California Consumer Privacy Act. In the absence of federal legislation, federal agencies either [...]