Safeguarding Corporate Interests: Essential Cybersecurity Regulations
The Cyber Regulatory Landscape
Corporations are increasingly exposed to cyberattacks and data breaches, and those dangers have grown steadily over the last several years. Governments around the world are responding by establishing a whole range of new cybersecurity regulations; some are better than others, but most are much the same: hugely expensive and mostly for show. The United States is no different, with its sector-specific, state-based approach to cybersecurity regulation, as opposed to the European Union’s partly unified, partly unifying General Data Protection Regulation (GDPR). That said, the GDPR is a good place to start a conversation about what the future holds.
Critical U.S. Cybersecurity Laws
HIPAA: Protecting Healthcare Data
The Health Insurance Portability and Accountability Act (HIPAA) establishes stringent security standards for the healthcare industry to protect Protected Health Information (PHI). Key aspects of HIPAA include:
- Implementation of physical, administrative, and technical safeguards to secure PHI
- The Breach Notification Rule, which requires providers to notify affected individuals and the Office for Civil Rights (OCR) of any breaches of unsecured PHI affecting 500 or more individuals within 60 days
- Non-compliance penalties that range from $100 to $50,000 per violation
Healthcare organizations, insurance companies, and all their partners must prioritize HIPAA compliance.
GLBA: Securing Financial Information
The Gramm-Leach-Bliley Act (GLBA) requires that personal financial information held by financial institutions be protected. It has three basic parts:
- The Privacy Rule: Requires that financial institutions explain to their customers what kinds of information they share with third parties and why.
- The Safeguards Rule: Requires that financial institutions design and implement a comprehensive security program to protect customer data.
CCPA: Enhancing Consumer Privacy
The California Consumer Privacy Act (CCPA) gives California’s 39.5 million residents substantial control over their personal information. Its biggest impact falls on for-profit businesses that collect large amounts of data and fall within its jurisdiction. Like its big brothers in the data protection world, the General Data Protection Regulation (GDPR) and the now retired Safeguards Rule, the CCPA is a rule that many businesses have to follow, subject to certain criteria: annual revenue and the number of California consumers whose data is involved.
The Cost of Non-Compliance
Failing to follow U.S. cybersecurity laws can lead to hefty penalties that include:
- Fines and sanctions
- Legal liabilities
- Reputation damage
Potential fines and legal consequences vary by law and the nature of the violation:
- HIPAA: $100 to $50,000 per incident
- CCPA: Up to $7,500 per intentional violation (affected parties may also take legal action)
Note: Penalties may go up if the violation is found to be willful or reckless; in that case, fines may be doubled.
Reputational damage and loss of consumer trust
Failing to follow the rules can result in a lot of bad things happening, including some that can knock a business right out of existence, so you should request assistance from an international legal firm to protect your business. Let’s take a look at some of these in a list to highlight them. Non-compliance can lead to:
- Lost trust from customers and partners
- Bad press, also known as our good friend, negative media coverage
- Revenue drops as customers leave
- A disruption in business operations and a revenue loss that can make it seem like we are on the highway to bankruptcy
- A cyberattack resulting from non-compliance, which can cause any one or more of the following:
  - Operational downtime
  - Data loss
  - Costs that can only be described as astronomical for incident response and recovery
You can request assistance from a global legal firm to help you with compliance and avoid legal risks.