Computers and computing activities play an increasingly integral role in daily life in America, affecting our financial activity, social interactions, and more. With an increased level of dependence on networked devices comes the risk of theft, or even attacks, on and through our computer networks. While the business community has already recognized the importance of cybersecurity, the government and legal system are finally responding in five key areas.
National security. The federal government has made cybersecurity a central feature of its national security strategy. Recognizing the risk of an attack on the nation’s computer networks by a foreign power or sub-national group, the Department of Defense created a comprehensive strategy for cybersecurity (PDF file) in 2011. The strategy treats “cyberspace” as its own “operational domain,” requiring specialized training and organization. The government has also taken steps to combat online theft, which can include not only monetary theft but theft of intellectual property and identity theft. The latter has become more and more sophisticated as thieves find ways to exploit personally identifiable information (PII) stored online.
Federal legislation. The Obama administration proposed legislation outlining ten points for cybersecurity protection. These generally included protection of the American people, the nation’s infrastructure, and the federal government’s networks and computer systems. Several bills pending in Congress address aspects of cybersecurity. The controversial Cyber Intelligence Sharing and Protection Act (CISPA), for example, allows sharing of data between companies and the National Security Agency in order to investigate and combat cybersecurity threats.
State legislation. Protection of government data, PII, and personal privacy have informed numerous state statutes enacted in the past ten years. California passed a law requiring notification of cybersecurity breaches in 2003, and forty-six other states and the District of Columbia followed suit. Laws requiring “reasonable” levels of security for protected information exist in at least ten states, and numerous states are enacting statutes protecting people from wiretapping and other monitoring of electronic activity.
Regulatory initiatives. Multiple regulatory agencies have addressed cybersecurity concerns through additional regulations, guidelines, and enforcement actions. The U.S. Security and Exchange Commission (SEC), for example, recently issued a new set of guidelines for publicly-traded companies. The guidelines address disclosure of cybersecurity breaches as a means of making information available to investors. The FBI, meanwhile, established a joint task force to investigate cyber threats.
Litigation, new court precedents. Litigation over breaches of data security has become more common as the number of breaches has increased. Recent court decisions address important questions that were not even conceivable before the internet became a common feature of daily life. Courts have considered whether the mere disclosure of PII gives an individual standing to sue, when a company might have a duty to protect someone’s PII even without an express contract, and whether state and federal consumer protection statutes apply to data security breaches. Several cases have examined what types of damages a plaintiff may claim, such as actual monetary losses, costs of mitigation, and emotional distress damages.
The California internet security lawyers at the Law Offices of Salar Atrizadeh represent businesses and individuals seeking guidance through the regulatory and transactional pitfalls of the internet, combining legal knowledge with technological skill to find pioneering solutions for our clients. To schedule a confidential consultation, contact us today online or at (310) 694-3034.
More Blog Posts:
Legislative Efforts to Regulate Online Transactions, Internet Lawyer Blog, February 11, 2012
Internet Piracy Results In Arrests In New Zealand, Internet Lawyer Blog, January 22, 2012
California Online Harassment Laws, Internet Lawyer Blog, December 18, 2011