The federal government is trying to find as many ways as possible to handle the cybersecurity crisis facing the United States. While it is unlikely that Congress will pass a comprehensive federal cybersecurity law, for the private sector the Executive Branch and its many agencies are issuing directives and guidelines with far-reaching impacts. Additionally, states across the nation are passing their own data protection and cybersecurity laws with whiplash speed. The U.S. doesn’t have a federal cybersecurity law, but the new regulatory and state landscape is changing the way companies do business. This basketweave of new laws provides a boost to existing cybersecurity guidelines. However, the industry standard for almost all organizations is the National Institutes of Standard and Technology (NIST) Cybersecurity Framework and NIST Privacy Framework.
There are new federal regulations, directives and guidelines as well as new case law, industry-specific guidelines and new state laws that, when taken together, form an industry standard applicable to almost all business sectors. And the end result is if you receive, collect or hold data in an enumerated industry or sector, or collect client data, your business must have an information security program in place.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]