While there is momentum for data breach legislation, there continues to be hurdles to seeing any laws come to fruition. But there is certainly optimism.
The most pressing issue today is whether a national data breach law will be passed. Most support this concept, however there is a lack of agreement on the details and Congressional committees failed to get enough backing for several bills introduced to be signed into law.
With 49 different state-based data breach notification bills including Puerto Rico and District of Columbia, many lawmakers and industry groups think creating one federal standard should be Congress’s top 2015 cybersecurity priority. While unsuccessful so far, we’ll continue to see a push for this to pass. It certainly will be even more a priority in light of the recent Office of Personnel Management data breach, which exposed the files of four million federal workers.
However, industry groups are worried a federal standard could drive over-notification, where consumers are inundated with messages that their data has been exposed. Another concern is that a federal rule would be weaker than some of the state laws already in play.
While policymakers hash things out, companies are left trying to navigate the complex legal requirements. We always advise clients to seek outside legal counsel with an expertise in data breaches. Law firms that have both previous experience managing data breach litigation and that have established relationships with local regulators such as the state attorneys general are ideal.
Further, they should be able to provide insights about the latest developments in case law, which should inform the counsel involved across the board. A good legal partner should also have experience that goes beyond simply helping with formal legal notification. They should be able to serve as an overall breach coach with a strong understanding of what’s needed from the technical investigations, as well as the potential implications of legal decisions on trust and reputation.
To help companies keep abreast of what is happening on The Hill regarding data breach legislation, we released our annual white paper on the topic that can be downloaded here: http://bit.ly/2015LegislativeWhitePaper.