5 Important Cybersecurity Regulations for Businesses to Be Aware Of

Cybersecurity is a hot topic for just about every company today. With that increased attention comes the need to stay on top of cybersecurity regulations.

Consumers are highly concerned about their privacy, and for good reason. It seems like there’s a new story about the misuse of customer data on a daily basis. Facebook got hammered in 2018 for misusing data that was collected about users.

This is causing regulators to crack down on corporations that collect data. The goal is to get them to be more transparent with customers about how that data is being used.

Read on to learn about the top cybersecurity regulations you need to know about.

1. GDPR

On May 25, 2018, you may have noticed businesses freaking out over GDPR compliance. Passed by the European Union, GDPR requires companies to notify consumers how their data is collected and why.

It also gives people the opportunity to opt out of such collection or to request the data that’s been collected about them.

2. Industry-Specific Cybersecurity Regulations

Perhaps the two industries that are the most regulated are the health and financial industries. They are frequently under scrutiny due to the amount of sensitive data they handle.

The sensitive nature of the data they work with makes them frequent targets for attack. All a hacker needs is a social security number or bank account number and they can make loads of money on the black market.

HIPAA regulates how health providers store and manage patient information.

The SEC is under pressure right now to regulate the financial industry, since Congress can’t seem to pass comprehensive laws regarding privacy. The SEC provides some guidance, but for the most part, it’s voluntary.

There’s also the FFIEC, which creates some standards for financial institutions, including specific guidelines to follow.

3. California Consumer Privacy Act

Since Congress hasn’t passed major legislation covering cybersecurity, states like California and New York have started to pass laws.

The California Consumer Privacy Act will begin in 2020, and companies can expect regulation similar to GDPR. It applies to California consumers and businesses.

4. New York’s 23 NYCRR Part 500

This law goes into effect on March 1, 2019, and targets the financial and banking industries. It requires these businesses to have a data breach response plan, conduct regular audits, and develop cybersecurity policies.

5. Evolving Federal and State Laws

You’ll need to keep an eye on laws passed by Congress and state legislatures concerning cybersecurity regulations.

For example, hackers target first-time home buyers by claiming to be the escrow company and saying that money must be sent to an unknown bank account in order to close. The unsuspecting couple sends the money, and they’re out more than $100,000.

In response to this, you can expect to see tighter regulations at the state and possibly federal level to protect consumers.

Stay on Top of Cybersecurity Regulations

If there’s one thing to know for sure about cybersecurity laws, it’s that they’re always changing. As a security expert, your job is to stay on top of cybersecurity regulations.

Doing so prevents issues like fines for not meeting regulations, which could be a disaster for some companies.
