Cyber security laws protect private citizens' personal information by regulating how businesses and governments collect and store data. The forward-looking regulations work to protect individual rights to privacy while supporting economic interests and national security.
Federal Laws on Cyber Security
Three recent federal laws have had significant impacts on data protection laws. The Cybersecurity Information Sharing Act (CISA) was passed in October of 2015 and enhances the sharing of information about cyber security threats by allowing for the sharing of internet traffic information between the U.S. government and technology companies. The Cybersecurity Enhancement Act of 2014 improves public-private partnerships in order to strengthen cyber security research and development and public preparedness. The Federal Exchange Data Breach Notification Act of 2015 requires a health insurance exchange to notify customers whose private information has been stolen no later than 60 days after discovery of the breach.
Each year brings new online threats. Not surprisingly, cyber security laws are among the most regularly updated by government agencies. In 2018, 35 states, D.C. and Puerto Rico introduced or considered more than 265 bills or resolutions related to cyber security, according to the National Conference of State Legislatures. According to NCSL, their top priorities include improving government security practices, providing funding for cyber security programs and initiatives, restricting public disclosure of sensitive government cyber security information, and promoting workforce, training and economic development.
New Trends Within Cyber Security Law
The passage of the General Data Protection Regulation by the European Union last year highlights how regulations overseas can impact markets here at home. The GDPR stipulates that U.S. companies that deal with EU clients must meet strict guidelines with regard to data protection and disclosure of data breaches, among other regulations.
The U.S. Federal Government is taking steps of its own to shore up cyber security concerns. In early 2018, the Department of Energy (DOE) announced the establishment of the Office of Cybersecurity, Energy Security and Emergency Response (CESER).
"The Office of Cybersecurity, Energy Security and Emergency Response leads the Department of Energy's emergency preparedness and coordinated response to disruptions to the energy sector, including physical and cyber-attacks, natural disasters and man-made events," according to the DOE.
The current patchwork of government regulations isn't without its critics. A CNBC article quoted Goldman Sachs' chief information security officer Andy Ozment:
"What's frustrating for me is how much of my time, my team's time and my resources are spent on having to answer a never-ending stream of regulator requests."
It is critical for companies to comply with regulations no matter where in the world they operate. The article also notes that "governments could do a better job of streamlining these many different and sometimes competing interests."
An understanding of cyber security law is key to a successful career in cyber security management. St. Thomas University's online Master of Business Administration with a concentration in Cyber Security Management teaches a course in cyber security law. The seven-week course examines relevant aspects of U.S. software and internet law through the study of significant case studies, while also covering technical terms and discussing recent cyber security laws and acts. The online degree program is taught by STU faculty and can be completed in as few as 10 months.
Have a question or concern about this article? Please contact us.