Federal Cyber Security Reform Stalled
It began with Target, then Sony and, most recently, Anthem. Today’s corporations face a new threat by a faceless enemy. Not only do data breaches invade the privacy of millions of Americans, but a breach is incredibly costly, both for the company that is hacked as well as financial institutions. The 2014 Sony breach cost the company an estimated $15 million dollars1, and the Target security breach is estimated to have cost banks and credit unions more than $200 million2. The costs of the Anthem hack remain to be seen3.
Cyber attacks have, unfortunately, become commonplace. Companies that fall victim to such attacks, however, must not only weather the financial losses and public relations challenges that accompany a breach, but those companies must simultaneously navigate a complicated regulatory landscape in order to avoid further liability.
At time of publication, 47 states and the District of Columbia have enacted cyber breach notification laws, but no comprehensive federal law exists which regulates a company’s responsibilities or duties with respect to cyber security. To address this emerging threat to corporate and national security, President Obama commissioned a review of the nation’s private and public sector cyber threats. The President sent a number of legislative proposals to Congress in an effort to create a single federal breach notification standard (and preempt the notification laws in place in the 47 states and the District of Columbia).
Recently, the US House of Representatives passed, by a 307-116 vote, the Protecting Cyber Networks Act. The bill encourages US companies to share security breach information with the federal government in exchange for extending federal law enforcement’s ability to investigate and prosecute cybercrimes against private companies. Although the bill was expected to pass the Senate and become law (after a similar bill passed by a 14-to-1 vote in the Senate Intelligence Committee), it fell eight votes shy of the 60 votes needed to move past a Republican filibuster. The bill’s defeat — just days before the Senate recess — means that federal security legislation will not be addressed until next year.
1. Sony FY 2014 Q3 Financial Statements, www.sony.net/SonyInfo/IR/library/er.html (Released March 17, 2015); Sony Pictures hack has cost the company only $15 million so far, Steven Musil (Feb. 4, 2015), www.cnet.com/news/sony-pictures-hack-to-cost-the-company-only-15-million/.
2. See “Target hack cost banks and credit unions more than $200 million,” The Verge, Rich McCormick (Feb. 18, 2014); www.theverge.com/2014/2/18/5424062/target-hack-cost-200-million-dollars-for-banks-and-credit-unions.
3. “Security firm finds link between China and Anthem hack,” The Washington Post, Ellen Nakashima (Feb. 27, 2015), www.washingtonpost.com/blogs/the-switch/wp/2015/02/27/security-firm-finds-link-between-china-and-anthem-hack.
- Proposed Hours of Service Rules: Balancing Safety and Economy
- Ninth Circuit Holds BIPA Class-Action Plaintiffs Have Article III Standing
- PROFESSIONAL LIABILITY CLIENT ALERT: Attorney Liability Under the FDCPA
- Five Words & Phrases Defense Attorneys Should be Mindful of in Trucking Litigation
- CYBER RISK CLIENT ALERT: BIPA Cutbacks Stalled in Springfield - For Now.
- PROFESSIONAL LIABILITY CLIENT ALERT: The Development of Michigan's Attorney Judgment Rule
- Another BIPA Violation Alleged in Illinois
- LIFE SCIENCES CLIENT ALERT: United States Supreme Court holds that the judge, not the jury, makes pre-emption determination in failure-to-warn pharmaceutical cases.
- Michigan No-Fault Reform Update
- Missouri Joinder/Venue Reform Bill Heading to Governor for His Signature
- Professional Liability
- Class Action
- Insurance Coverage
- Insurance & Reinsurance Litigation & Counseling
- Complex Commercial Litigation
- Cyber Risk & Liability
- Toxic Tort
- Professional Development
- Workers' Compensation
- Construction Litigation & Counseling
- Product Liability
- Discrimination, Harassment & Hostile Workplace Claims
- Medical Negligence & Healthcare Liability
- Pharmaceutical & Medical Device Litigation
- Social Media & Privacy
- Employment Litigation & Counseling