Once upon a time, cybersecurity news revolved around corporate hacks and credit card scammers. But today’s headlines have taken an alarming turn. News about nation-state hackers and government breaches dominates the media.
If there is a silver lining to these attacks, it’s that cybersecurity issues are hitting close to home for legislators, prompting lawmakers to take action and create policies that will keep both corporate and government organizations safer. In 2020 alone, over 280 cybersecurity bills and resolutions were introduced by U.S. lawmakers.
What does the future hold for cybersecurity regulation? Only time will tell. In the meantime, here are some of the most influential cybersecurity laws passed in recent years.
California Consumer Protection Act (CCPA)
California became the first state in the U.S. to pass broad privacy legislation when it passed the California Consumer Protection Act, effective January 1, 2020. Like the E.U.’s General Data Protection Regulation, the CCPA was created to give everyday consumers more control over their data privacy.
The two pieces of legislation are similar, with a few key differences. While the GDPR’s main focus is to require prior consent from consumers, the CCPA focuses on the consumers’ right to opt out of data collection. The CCPA does not mandate consumer consent, but it does give users the right to access any data that has already been collected by an organization, as well as to request that personal data be deleted.
General Data Protection Regulation (GDPR)
On May 25, 2018, the European Union made history when it passed GDPR and changed data privacy forever. While the rule was passed to protect European citizens from data breaches, the blurred boundaries of the internet meant that GDPR affected organizations around the world.
In short, the GDPR established data protection rules for any company collecting data from an EU citizen — regardless of that company’s location. The GDPR covers a wide range of regulations, most notably about data collection and transparency. Any company that collects data from EU citizens needs explicit, informed consent.
The GDPR also impacted breach reporting. When data is breached, the GDPR gives companies just 72 hours to notify authorities, and requires that organizations notify consumers of high-risk data breaches “without undue delay.” Under this strict regulation, businesses that don’t comply with GDPR may be penalized up to €20 million or 4 percent of annual global revenue, whichever is higher.
Internet of Things (IoT) Cybersecurity Improvement Act
Consumers and businesses alike have been quick to adopt smart devices, from voice tech to connected security cameras to intelligent cars. But with more connected devices comes more vulnerability to cyber attacks. Thankfully, the U.S. federal government has stepped in to tighten security on IoT technology with the Internet of Things Cybersecurity Improvement Act.
Signed into law on December 4, 2020, this act established security standards for IoT devices owned or used by the federal government. Although the law currently applies only to devices used by government entities, this act is expected to have a trickle-down effect. If tech companies want the buy-in of government bodies, they’re going to have to follow the minimum security standards set forth in this piece of legislation, which means they will likely follow the same standards to manufacture consumer-facing IoT devices as well.
State and Local Cybersecurity Improvement Act
Government entities are among the most frequent targets for cyberthieves, which is why U.S. legislators will be prioritizing cybersecurity initiatives in 2021. One of these initiatives is the State and Local Cybersecurity Improvement Act, which would disperse more federal resources to smaller state and local governments.
This bipartisan act would grant $400 million to the Department of Homeland Security for the sole purpose of much-needed cybersecurity funding for state and local governments. It would also require the Department of Homeland Security and Infrastructure Security Agency (CISA) to create a defense-in-depth strategy to fortify the defense of local, state, territorial, and tribal governments.
Secure Your Organization Against Cyberattacks
With new regulations underway, government entities and corporations alike are seeing the light at the end of the tunnel. But you don’t need to wait for the next bill to pass before updating your cyber defenses.
Bluefin is here to help you secure your networks and keep consumers safe from data breaches. For more information on payment security solutions, P2PE encryption, tokenization and more, contact a Bluefin representative today and view our white paper to understand the benefits of using Bluefin P2PE technology.