CLIENT ALERT: Federal Cyber Security Reform Progresses
Update: Since the publication of this post,the Senate Intelligence Committee of the 114th Congress has passed the Cybersecurity Information Sharing Act of 2015 (CISA). To track the Bill’s progress, click here.
It began with Target, then Sony and, most recently, Anthem. Today’s corporations face a new threat by a faceless enemy. Not only do data breaches invade the privacy of millions of Americans, but a breach is incredibly costly, both for the company that is hacked as well as financial institutions. The 2014 Sony breach cost the company an estimated $15 million dollars1, and the Target security breach is estimated to have cost banks and credit unions more than $200 million2. The costs of the Anthem hack remain to be seen3.
Cyber attacks have, unfortunately, become commonplace. Companies that fall victim to such attacks, however, must not only weather the financial losses and public relations challenges that accompany a breach, but those companies must simultaneously navigate a complicated regulatory landscape in order to avoid further liability.
At time of publication, 47 states and the District of Columbia have enacted cyber breach notification laws, but no comprehensive federal law exists which regulates a company’s responsibilities or duties with respect to cyber security. To address this emerging threat to corporate and national security, President Obama commissioned a review of the nation’s private and public sector cyber threats. The President sent a number of legislative proposals to Congress in an effort to create a single federal breach notification standard (and preempt the notification laws in place in the 47 states and the District of Columbia).
Recently, the US House of Representatives passed, by a 307-116 vote, the Protecting Cyber Networks Act. The bill encourages US companies to share security breach information with the federal government in exchange for extending federal law enforcement’s ability to investigate and prosecute cybercrimes against private companies. Although the bill was expected to pass the Senate and become law (after a similar bill passed by a 14-to-1 vote in the Senate Intelligence Committee), it fell eight votes shy of the 60 votes needed to move past a Republican filibuster. The bill’s defeat — just days before the Senate recess — means that federal security legislation will not be addressed until next year.
1. Sony FY 2014 Q3 Financial Statements, www.sony.net/SonyInfo/IR/library/er.html (Released March 17, 2015); Sony Pictures hack has cost the company only $15 million so far, Steven Musil (Feb. 4, 2015), www.cnet.com/news/sony-pictures-hack-to-cost-the-company-only-15-million/.
2. See “Target hack cost banks and credit unions more than $200 million,” The Verge, Rich McCormick (Feb. 18, 2014); www.theverge.com/2014/2/18/5424062/target-hack-cost-200-million-dollars-for-banks-and-credit-unions.
3. “Security firm finds link between China and Anthem hack,” The Washington Post, Ellen Nakashima (Feb. 27, 2015), www.washingtonpost.com/blogs/the-switch/wp/2015/02/27/security-firm-finds-link-between-china-and-anthem-hack.
- 11th Circuit Court Clarifies Harvey v Geico Florida Supreme Court Decision on Evidence of Claimant and Claimant Counsel Action in Bad Faith Case
- Finally! Discovery Harassment of Top-Level Corporate Officers is Curtailed
- Limitations for Policyholders Seeking Coverage in Employment-Related BIPA Cases
- Vaccine Mandates in the Workplace Are Spreading
- The Death of Impartiality - "Dr. Death," Reptilian Tactics, and Fighting Juror Bias
- Considerations That Employers Should be Mindful of as Employees Return to the Office
- A Win for Policyholders Seeking Coverage in a BIPA Class Action Suit
- Reasonable Disagreement or Fraud? Competing Estimates of Property Damage in First Party Claims
- Malpractice Mayhem: An Insurer's Standing to Sue Counsel Retained to Defend Its Insured
- Prejudgment Interest Now a Reality in Illinois
- Professional Liability
- Class Action
- Complex Commercial Litigation
- Insurance & Reinsurance Litigation & Counseling
- Insurance Coverage
- Cyber Risk & Liability
- Toxic Tort
- Professional Development
- Discrimination, Harassment & Hostile Workplace Claims
- Workers' Compensation
- Employment Litigation & Counseling
- Medical Negligence & Healthcare Liability
- Pharmaceutical & Medical Device Litigation
- Product Liability
- Construction Litigation & Counseling
- Social Media & Privacy