Federal Cyber Security Reform Stalled
It began with Target, then Sony and, most recently, Anthem. Today’s corporations face a new threat by a faceless enemy. Not only do data breaches invade the privacy of millions of Americans, but a breach is incredibly costly, both for the company that is hacked as well as financial institutions. The 2014 Sony breach cost the company an estimated $15 million dollars1, and the Target security breach is estimated to have cost banks and credit unions more than $200 million2. The costs of the Anthem hack remain to be seen3.
Cyber attacks have, unfortunately, become commonplace. Companies that fall victim to such attacks, however, must not only weather the financial losses and public relations challenges that accompany a breach, but those companies must simultaneously navigate a complicated regulatory landscape in order to avoid further liability.
At time of publication, 47 states and the District of Columbia have enacted cyber breach notification laws, but no comprehensive federal law exists which regulates a company’s responsibilities or duties with respect to cyber security. To address this emerging threat to corporate and national security, President Obama commissioned a review of the nation’s private and public sector cyber threats. The President sent a number of legislative proposals to Congress in an effort to create a single federal breach notification standard (and preempt the notification laws in place in the 47 states and the District of Columbia).
Recently, the US House of Representatives passed, by a 307-116 vote, the Protecting Cyber Networks Act. The bill encourages US companies to share security breach information with the federal government in exchange for extending federal law enforcement’s ability to investigate and prosecute cybercrimes against private companies. Although the bill was expected to pass the Senate and become law (after a similar bill passed by a 14-to-1 vote in the Senate Intelligence Committee), it fell eight votes shy of the 60 votes needed to move past a Republican filibuster. The bill’s defeat — just days before the Senate recess — means that federal security legislation will not be addressed until next year.
1. Sony FY 2014 Q3 Financial Statements, www.sony.net/SonyInfo/IR/library/er.html (Released March 17, 2015); Sony Pictures hack has cost the company only $15 million so far, Steven Musil (Feb. 4, 2015), www.cnet.com/news/sony-pictures-hack-to-cost-the-company-only-15-million/.
2. See “Target hack cost banks and credit unions more than $200 million,” The Verge, Rich McCormick (Feb. 18, 2014); www.theverge.com/2014/2/18/5424062/target-hack-cost-200-million-dollars-for-banks-and-credit-unions.
3. “Security firm finds link between China and Anthem hack,” The Washington Post, Ellen Nakashima (Feb. 27, 2015), www.washingtonpost.com/blogs/the-switch/wp/2015/02/27/security-firm-finds-link-between-china-and-anthem-hack.
- PROFESSIONAL LIABILITY CLIENT ALERT: Pennsylvania Mulls Repeal of Medical Malpractice Venue Restrictions; Both Plaintiff and Defense Bars Claim Victory From Study
- Illinois Fourth District Appellate Court Overturns Asbestos Verdict Based On Lack Of Causation
- CYBER RISK CLIENT ALERT: The Constitutional Argument Against BIPA
- CYBER RISK CLIENT ALERT: The SHIELD Act Requires Corporations to Implement Cyber-Security Measures
- New Michigan DIFS Order Raises More Questions for Auto Insurers
- Proposed Hours of Service Rules: Balancing Safety and Economy
- Ninth Circuit Holds BIPA Class-Action Plaintiffs Have Article III Standing
- PROFESSIONAL LIABILITY CLIENT ALERT: Attorney Liability Under the FDCPA
- Five Words & Phrases Defense Attorneys Should be Mindful of in Trucking Litigation
- CYBER RISK CLIENT ALERT: BIPA Cutbacks Stalled in Springfield - For Now.
- Professional Liability
- Class Action
- Insurance & Reinsurance Litigation & Counseling
- Complex Commercial Litigation
- Insurance Coverage
- Cyber Risk & Liability
- Toxic Tort
- Professional Development
- Pharmaceutical & Medical Device Litigation
- Product Liability
- Construction Litigation & Counseling
- Employment Litigation & Counseling
- Discrimination, Harassment & Hostile Workplace Claims
- Social Media & Privacy
- Workers' Compensation
- Medical Negligence & Healthcare Liability