This article originally appeared in Cybersecurity Law & Strategy. © ALM Media LLC. Reprinted with permission.
The federal government is trying to find as many ways as possible to handle the cybersecurity crisis facing the United States. While it is unlikely that Congress will pass a comprehensive federal cybersecurity law for the private sector, the Executive Branch, and its many agencies, they are issuing directives and guidelines with far-reaching impacts. Additionally, states across the nation are passing their own data protection and cybersecurity laws with whiplash speed. The U.S. doesn’t have a federal cybersecurity law, but the new regulatory and state landscape is changing the way companies do business. This basket weave of new laws provides a boost to existing cybersecurity guidelines. However, the industry standard for almost all organizations is the National Institutes of Standard and Technology (NIST) Cybersecurity Framework and NIST Privacy Framework.
There are new federal regulations, directives, and guidelines as well as new case law, industry-specific guidelines, and new state laws that, when taken together, form an industry standard applicable to…
