State governments are taking the lead in developing cybersecurity regulations as cyberattacks and data breaches continue to skyrocket.

There’s a huge need for privacy regulations in the U.S. as the federal government has been deficient in adopting regulations. To help drive home the need for cybersecurity policies, states are attempting to push forward some type of standard or regulation that, eventually, the federal government can adopt. Here’s what we’re seeing:

• This past year was marked by litigation and some notable fines levied against enterprises for lack of compliance with GDPR.
• In addition to GDPR, state legislation such as the California Consumer Privacy Act (CCPA), and New York’s DFS 500 are also gaining traction in states taking a proactive stance in establishing security protections.
• Rapid change to legislation in Washington and Nevada around privacy regulation in cybersecurity, which will drive federal action as states put pressure on the federal government to develop standards.

As the number of fines for non-compliance with GDPR rises, a question on some observers’ minds is whether companies missed a few key pieces of implementation or whether they are willfully disregarding GDPR, thinking the fine may be small enough to absorb.

It will be interesting to see how all this plays out as more and more individual states develop their own regulations. Eventually, the federal government will need to step up in adopting policies, as multi-state regulations required for businesses grow more complex. We’ll continue to watch this throughout the year to see what happens with regulation.

2020 is going to be pivotal for cybersecurity and privacy regulation in the U.S. Stay tuned as the team at CRITICALSTART monitors the security and privacy landscape throughout the year to see how the predictions we made at the beginning of the year related to state legislation play out.

 

By Jordan Mauriello | SVP of Managed Security, CRITICALSTART

February 6, 2020