While the national-level security and privacy laws are lost in a swamp of biased politics and corporate lobbying delays, many states have been marching ahead to approve different rules that will help fill in the gaps.
According to the Legiscan database, about a hundred bills concerning privacy, cybersecurity, and data breaches are pending across more than 40 US states. What laws are we talking about here? Well, there’s HIPAA, COPPA, and even GLBA. Businesses operating in the US must comply with these laws.
With specific laws, businesses have the freedom to store customer data for a particular period. While it’s suitable for companies, consumers, on the other hand, have to deal with a lack of privacy. This is precisely why so many consumers in the US use VPNs to remain anonymous online. With the best VPNs for the US, consumers can freely interact with businesses while remaining somewhat unknown.
Unless centralized and approved legislation is set in place to counter data breaches and protect user privacy, consumers in the U.S. must take matters into their own hands.
Join us today as we look into the significant cybersecurity laws that every US business must know, laws that influence privacy, data security, cybersecurity, or data breach notification requirements in particular states.
Cybersecurity Laws That US Businesses Must Know
“23 NYCRR 500 Law”
The “23 NYCRR 500” law was adopted on Feb 16th of 2017 by the Department of Financial Services in New York. It places cybersecurity obligations on all covered financial institutions. The rules require companies to assess their risk profiles and design a program to counter such risks. Every company that the DFS regulates is required to build an in-house cybersecurity plan to protect the information assets under its control. The rules further require appointing a CIO and maintaining audit trails, among other cybersecurity practices.
Improve Security Of Electronic Data & Stop Hacks Act
Andrew Cuomo approved the Improve Security of Electronic Data and Stop Hacks Act on 25th July, 2019. This law expands the current data breach protection law and imposes various cybersecurity responsibilities on covered entities.
According to the bill:
- Addition of biometric data and personal email addresses with their passwords and security questions.
- Unlawful access to individual information should also be counted as a possible breach of data.
- Applies the notification requirement to any individual holding the confidential data of a citizen of New York, and not only those conducting professional dealings in NY.
- Updates the notification methods that organizations and public entities must follow whenever a breach of individual data occurs.
- Establishes data security requirements tailored to the size of an enterprise.
Massachusetts Act H.4806
Charlie Baker approved this act on 10th January 2019. According to the law:
- In case of any data breach, the name of the targeted organization’s parent company should be revealed.
- The businesses will provide free assets advising services to citizens whose social security numbers have been affected by a breach. The breached organization cannot condition the services on the resident’s waiver of their right of action.
- A new set of breach notification requirements, including disclosure of the individual accountable for the breach, details of the entity that suffered the breach and the person who reported it, the type of private data compromised, whether the breached entity keeps an indicted data security plan, and an example of the notification sent to state residents.
- A requirement that breach notification may not be delayed because the number of residents affected is not yet determined.
P.L.2005, c.226 (S. 51)
This bill was approved by Governor Phil Murphy on May 10, 2019. It treats the ID for any online account as a protected data element under breach notification laws. According to it, the following will be treated as confidential information:
- Social Security number
- Driver’s license number or ID card number
- Account number
- Credit or Debit Card number
- Dissociated data that, if combined, would constitute personal information
Maryland Personal Information Protection Act (House Bill 1154)
Governor Larry Hogan approved this law on April 30, 2019. It extends the state’s existing data breach requirements to personal information held by a business, in addition to personal data owned by a company.
These businesses are also required to investigate whether the individual’s private data has been misused due to the breach. However, the organizations that maintain personal data may not charge the owner for providing the information needed to notify Maryland residents.
OCIPA SB 684
On May 24, 2019, Governor Kate Brown approved the Oregon Consumer Information Protection Act. The law amends state law by including online account credentials in the definition of personal information.
Vendors that hold the private data of more than 250 citizens are assigned additional notification obligations and must notify the Oregon Attorney General. Vendors must also notify the appropriate business and sub-vendors within ten days of identifying a security breach.
Washington Act (SHB 1071)
Jay Inslee approved this act on May 7, 2019, and it came into effect as of March 1, 2020.
According to this law, an individual’s first and last name combined with the date of birth, ID numbers, passport number, or medical and biometric data will be counted as personal information.
Under this law, businesses now have only 30 days to deliver the requisite notification. This notification comprises different information regarding the breach, such as the timeframe of exposure, the date, the types of personal data affected, and a review of the breach notice sent to Washington citizens.
There you go: the major cybersecurity laws that every US business must know to ensure complete protection against current cybersecurity breaches and threats.
No matter if a business is small or large, it should always strive towards protecting its employees’ online privacy and personal information. Here are a few cybersecurity startup tips that every business needs to implement to prevent data breaches and the compromise of personal information.
To understand more about personal data and how to protect it within a particular business infrastructure, check the five best data protection tips for businesses.