Significant increases in the exposure of personal information have led the U.S. government to introduce legislation to protect consumer data. These bills focus on creating a culture of security within public companies and requiring disclosure when personal information has been compromised.
Learn how these new laws could change your strategies for hiring leaders and training employees in security matters.
Cybersecurity isn’t something that should only be a concern for your IT team. When it comes to protecting data, your entire company must share in the commitment.
The Cybersecurity Disclosure Act of 2017 moves this responsibility to your boardroom. The bill requires publicly traded companies to:
The bill states that the U.S. Securities and Exchange Commission, together with the National Institute of Standards and Technology, will define “expertise or experience in cybersecurity.” This bill, and others like it at the state level, emphasizes the government’s commitment to holding corporations responsible for making cybersecurity a priority.
No one wants to tell customers that their data was compromised. But the risks of not coming clean can compound the problem.
Uber waited more than a year before telling the public that data on 57 million drivers and riders had been breached. Instead, the company paid the hackers a ransom of $100,000 to keep quiet and supposedly delete the data. The fallout from this cover-up resulted in a public relations crisis for the company. Several of Uber’s security executives were fired, and the company is now under criminal investigation.
U.S. senators mentioned Uber when they introduced new legislation that would criminalize the failure to report on data breaches within 30 days. Under the proposed legislation, people who knowingly conceal a breach can face fines and up to five years in jail.
The Data Security and Breach Notification Act would also create federal standards around how companies manage consumer data. The legislation would require companies to assess their systems for vulnerabilities and destroy sensitive consumer data that they no longer use. The Federal Trade Commission would also offer incentives to businesses that adopt technology that makes consumer data unusable or unreadable if stolen during a breach.
The Cybersecurity Disclosure Act and the Data Security and Breach Notification Act address cybercrime at the federal level. However, individual states are also ramping up cybersecurity laws that impact businesses. Twenty-eight states enacted new cybersecurity legislation in 2017, and 42 states introduced bills or resolutions that could soon become law.
According to the National Conference of State Legislatures, states are addressing the need for better cybersecurity by providing more funding for improved security measures. States are also demanding that businesses and government agencies implement security practices, forcing organizations to share in the commitment to keep personal data safe.