Cybersecurity and privacy rules have changed the private and public sectors’ landscapes. The state and federal rules are changing the ways private and public organizations are managing their operations. These rules are focusing on privacy, security and regulations in all jurisdictions but uniformity is an issue. Therefore, state and federal legislators should ensure uniformity to avoid regulatory and enforcement contradictions.
The State of California has enacted laws to promote cybersecurity within its jurisdiction. For example, Assembly Bill 89 (“AB 89”) was enacted to ensure information sharing should be conducted in a way that protects an individual’s privacy and civil liberties, confidential information, preserves business confidentiality, and enables public officials to detect, investigate, and prevent network security breaches. It has also enacted the California Consumer Privacy Act (“CCPA”) that allows individuals to file a legal action against businesses that fail to implement and maintain reasonable security measures to protect their personal information. Now, “reasonable security measures” may include using a firewall, encryption, and intrusion detection software on their computer networks.
The State of New York has enacted laws to promote cybersecurity within its jurisdiction. For example, it has passed the Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) to protect consumers from exposure of private information from cybersecurity attacks. This statute is designed to increase data protection and data breach notification requirements for commercial enterprises. It is meant to hold business organizations responsible for gathering and storing consumer personal information which may include a name, address, telephone number, email address, date-of-birth, and social security number.