Cybersecurity Enforcement: If Government Regulation Is Going to Increase, How Will It Be Enforced?

headshot of jim dempsey on a red background reading winter seminar series

Join the Cyber Policy Center, together with the Program on Democracy and the Internet on Tuesday, January 17th, from Noon–1 PM Pacific, for "Cybersecurity Enforcement: If Government Regulation Is Going to Increase, How Will It Be Enforced?" a discussion with James Dempsey, Senior Policy Advisor for the Program on Geopolitics, Technology, and Governance (GTG). The session will moderated by Andrew Grotto, Director of GTG.

As regulators and legislators at both the federal and state level expand their attention to cybersecurity with guidelines, rulemaking and potential legislation, they confront the question of how to enforce any standards they pronounce. The U.S. approach so far has depended mainly on post-incident investigations and enforcement actions by regulators. While crucial, these take place after the damage has been done. Private party litigation is a blunt instrument that rarely, if ever, yields a judgment on the merits of an entity's cybersecurity program. What mix of alternatives should be deployed? GTG Senior Policy Advisor Jim Dempsey will explore enforcement options, including government audits, third party certifications, and insurance company underwriting standards.

This session is part of the Winter Seminar Series, a series spanning January through March, hosted at the Cyber Policy Center with the Program on Democracy and the Internet. Sessions are in-person and virtual, with in-person attendance offered to Stanford affiliates only. Lunch is provided for in-person attendance.

For a full list of dates, speakers and topics, see the Winter Seminar page and register for sessions of interest.


Jim Dempsey is senior policy advisor to the Stanford Program on Geopolitics, Technology and Governance and a lecturer at the UC Berkeley School of Law, where he teaches a course on cybersecurity law in the LLM program. Until May 2021, Jim was Executive Director of the Berkeley Center for Law & Technology. In 2012, after Senate confirmation, he was appointed by President Barack Obama as a part-time member of the U.S. Privacy and Civil Liberties Oversight Board, an independent agency within the federal government charged with advising senior policymakers and overseeing the nation’s counterterrorism programs. He served in that position until January 2017, while also running BCLT.

From 1997 to 2014, Dempsey was at the Center for Democracy & Technology (CDT), a non-profit public policy organization focused on privacy and other issues affecting the internet, where he held a number of leadership positions. Prior to that he was deputy director of the Center for National Security Studies (1995-1997) and assistant counsel to the House Judiciary Committee (1985-1995), focusing on privacy, FBI oversight, and surveillance issues. 

Jim graduated from Yale College and Harvard Law School.