The Hill calls a new cyber security bill passed by the US House of Representatives a "win for industry" because many banks and security firms have been pushing for this legislation. Why is that?
The bill, officially called the Protecting Cyber Networks Act, sets up a way for businesses to share data about their cyber threats with government agencies. Here's the breakdown:
- Companies would be encouraged to share data about potential threats on their network.
- Legal liability protections would be offered for companies that share information.
- The bill doesn't make any requirements for IT contractors.
- Participation in this program is entirely voluntary.
Why does the government want you to share threat data with its agencies? The idea is that by having a better understanding of what threats are out there, law enforcement officials will be better able to combat them and issue warnings to other businesses that may face similar attacks.
Privacy Concerns with New Data Security Legislation
The bill faces vocal opposition from privacy advocates who see it as another example of the government collecting private data on its citizens, according to The New York Times.
To quell these concerns, lawmakers have included provisions in the bill requiring all data to be "scrubbed" twice to remove any personally identifying information of the users. Advocates are skeptical of these reassurances, to the say the least.
Privacy concerns might not be enough to stop it. Despite the opposition, the bill passed the House and appears to have similar support in the Senate. However, the Senate version of the bill may face delays by time-consuming amendments.
Why New Laws Matter for IT Consultants
If this bill becomes a law, you probably won't see much of a difference in your day-to-day life as an IT contractor. However, some clients may have questions about this or other data security laws, so it's important to stay current.
As we reported in "Most of Your Clients Don't Understand State Data Breach Laws," over 60 percent of small-business owners aren't confident in their understanding of basic cyber security laws.
This new law won't add any requirements, but clients may ask you about it and you'll need to supply them with answers. Take into consideration...
- Clients could find themselves in a tricky legal situation with this law if they don't add a disclosure to their privacy policy to make it clear that they share this data with government agencies.
- It's not enough for clients to have a data security policy; they need to be transparent in their privacy policy as well.
See "AOL's New Privacy Policy More of a No-Privacy Policy" for an example of the kind of disclosures your clients have to make in their privacy policy.
Make sure to follow your TechInsurance's cyber security blog. As new laws are proposed, voted on, and passed, we'll keep you informed to help you best serve your clients.
