Report: Companies must be prepared for cybersecurity regulations

A new report indicates that companies need to prepare for a flood of cybersecurity regulations nationwide.
The 2019 Compliance Landscape Report by Edgile, a cyber risk and regulatory compliance partner to Fortune 500 companies, reviewed state bills, resolutions and laws across the country.

The report states that in 2018, at least 35 states reviewed more than 265 cybersecurity-related bills and resolutions. Fifty of them became law. This trend is expected to gain momentum as states address privacy risks and global rules that affect business, such as the European Union’s GDPR privacy rules.
These are just a few examples of laws that went into effect in 2018:
• California: The state passed the first “Internet of Things” law, requiring the manufacturer of a “connected device” to “equip the device with a reasonable security feature or features designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.”

• Ohio: Ohio passed a law that gives businesses a legal incentive to adopt and maintain written cybersecurity programs. It’s the first state law of this kind.

• South Carolina: The state passed the first insurance cybersecurity law under the NAIC Insurance Data Security Model Law. The law requires insurers, agents and other licensed entities to maintain an information security program based on ongoing risk assessment, oversee third-party service providers, investigate data breaches, and notify authorities of such breaches.

• Vermont: The state was the first to pass a data broker law, requiring businesses defined as “data brokers” to register annually with the secretary of state, notify authorities of security breaches, and adhere to standard security measures when dealing with personally identifiable information. A “data broker” is defined as a business that knowingly collects and sells or licenses to third parties the personal information of a consumer with whom that business doesn’t have a direct relationship.

Consult a business attorney in your state to learn about what regulations apply to your company.
