Here in the United States, companies face a patchwork of legal obligations that address information security and data privacy. For example, federal laws target certain market segments (such as health care, financial services, and education), state laws target certain types of information (such as personal financial or biometric information), and both state and federal laws target unfair or unreasonable business practices. This patchwork—and the lack of comprehensive nationwide privacy and security standards—can make compliance challenging and frustrating. Security professionals and legal counsel must work hard to keep up.
The Security and Exchange Commission (SEC) will soon add to the patchwork. The SEC’s new rules promise to add significant compliance obligations for public companies, and non-public companies will also want to take note.Continue Reading The SEC’S Proposed Cybersecurity Rules: Is Your Company Ready?