It’s the law…almost
2018 may go down as the year the EU’s GDPR went into effect, but domestic legislators kept busy introducing and passing legislation meant to bolster the U.S.’s cybersecurity and privacy postures.
California Privacy Act
After a rush to get legislation done so a ballot measure slated for the November election could be pulled by the withdrawal deadline, the California State Assembly passed the California Consumer Privacy Act of 2018, which many privacy pros peg as the foundation of an eventual U.S. GDPR-type law. The act, set to take effect in 2020, is the most stringent of its kind in the U.S.
“With the breaking news of the dramatic passage of California’s new privacy law, AB 375, the strictest privacy measure in the nation, along with the coming into force of the European GDPR and SCOTUS decision in Carpenter – it’s clear privacy has risen to the top of policymakers’ agenda worldwide,” said Omer Tene, Chief Knowledge Officer of the International Association of Privacy Professionals (IAPP). “Now, industry will need to adapt.”
Support for a national law that addresses privacy issues has grown. Apple CEO Tim Cook recently said that his company is “in full support of a comprehensive federal privacy law in the United States.”
Cook called the argument made by some tech companies, that they could “never achieve technology’s true potential” if they are “constrained by privacy regulation,” not only “just wrong” but also destructive. “We will never achieve technology’s true potential without the full faith and confidence of the people who use it,” he said, noting that legislation should be based on users having the right of access to the data companies collect and to security. “Security is foundational to trust and all other privacy rights.”
National breach notification law
A bill introduced by the House Financial Services Committee would amend the Gramm-Leach-Bliley Act (GLBA) to include a national breach notification law for the financial industry that would supersede the multitude of state laws.
“It is going to take better cooperation from all my colleagues and the industries that handle consumer data in order to advance additional meaningful changes,” the author of the bill, Rep. Blaine Luetkemeyer, R-Mo., said in a statement. “At some point, there will be another major breach, and without a comprehensive solution our constituents will pay the price for our inaction.”
State of California’s SB 327 - Information privacy: connected devices act
California’s IoT law applies to manufacturers of devices or those who have a device manufactured on their behalf for sale in California. It does not, however, apply to devices purchased for resale, even if they are privately labeled, and some legal experts feel “the law is ambiguous in many respects, and will likely create significant challenges in its implementation and effectiveness,” according to Sudhakar Ramakrishna, CEO, Pulse Secure.