CYBER SECURITY | 4.5 MIN READ
With 2020 around the corner, you're probably thinking about the approach of tax season or what gifts you'll be buying for the holidays. However, have you considered how you or your business will be affected by new cyber security laws that go into effect next year? Read more to find out what cyber security regulations are going into effect next year as well as the penalties for non-compliance.
Not enough time? Jump to:
California Consumer Privacy Act
New York's SHIELD (Stop Hacks and Improve Electronic Data Security) Act
Connecticut Insurance Data Security Law
How Else Can I Protect My Business?
Outcome
The California Consumer Privacy Act, which goes into effect in January 2020, requires that companies be transparent with California consumers on what personal information they use and how it is used/shared.
Penalties
Companies who do not comply leave themselves open to lawsuits in the case of a data breach. Additionally, California’s Attorney General has the authority to fine companies that don’t follow the new regulations.
For intentional violations, California's Attorney General can bring civil penalties of up to $7500 for each violation. For other violations, the maximum fine is $2500 per violation.
Outcome
Effective on March 21, 2020, the SHIELD Act will require all businesses who hold private computerized data on any New York residents to maintain certain security standards for that information, such as notifying victims of data breaches or risk penalties.
Penalties
Though victims whose information is stolen cannot sue the companies who have been hacked, the Attorney General may take action against businesses who violate the law to obtain civil penalties.
For data breach notification violations that are not reckless or knowing, the court may award damages for actual costs or losses incurred by a person who was entitled to but did not receive a breach notice.
For knowing and reckless data breach notification violations, the court may impose penalties beginning at $5,000 dollars or up to $20 per violation with a cap of $250,000. For data breach safeguard violations, the court may impose penalties of no more than $5,000 per violation.
For those who violate this law, the Insurance Commissioner can call a hearing for the licensee. If the accused has egregiously violated the law, the commissioner can revoke the accused's license, certificate of registration, or authorization to operate.
Additionally, the commissioner may impose a civil penalty of no more than $50,000 for each violation of the law as well as bring about a civil action to recover the amount of any civil penalty that the commissioner imposes on a licensee.
RELATED: Can Businesses Be Sued for Data Breaches?
While this list doesn't contain every single piece of cyber security legislation going into effect in 2020, they are a good measure of the direction that legislation surrounding cyber security is heading.
These laws are just some of the hundreds of proposed legislative pieces that are working their way through state and federal courts. As the world becomes more intertwined with the Internet, the government will increasingly pass more data security laws to protect its citizens.
If you're a consumer, this means that you will have more regulations that protect your private data. However, if you're a business, these regulations mean increasing penalties for those who do not comply with the law. Knowing how to comply with these laws is only the first step in protecting your business' welfare.
Consider managed IT services if you want a partner who will protect your cyber security infrastructure while helping you implement policies that will keep your network in line with the law.