What Obama's Proposed Anti-Hacking Legislation Means for Entrepreneurs Law seeks to create a unified, federal breach-notification standard that would streamline the requirements for companies in the face of a breach.

By Alicia Gilleskie Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

The slew of highly publicized data breaches over the past few years has brought the issue of cyber-security truly to the mainstream -- most recently reaching our living rooms through President Barack Obama's State of the Union address on Jan. 19.

"And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children's information," the president said. "If we don't act, we'll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe."

Related: Does President Obama's Bid to Bolster Cyber Security Go Far Enough?

The legislation the president references is currently in the form of a proposal introduced last week seeking to create a unified, federal breach-notification standard that would streamline the requirements for companies in the face of a breach. More specific details can be found on whitehouse.gov.

Breach-notification laws are not a new phenomenon. Currently, 47 states and the District of Columbia have enacted some form of breach-notice legislation. Each of these laws has its own set of triggers for when and who must be notified in response to an event that constitutes a "security breach" (note: there is also no unified standard for what events constitute a security breach).

Breach events routinely trigger multiple state laws. Complying with this patchwork of varying standards in the face of a breach is a challenge for any company, large or small.

The proposed legislation would effectively override the current patchwork of state breach-notice law standards, requiring companies to notify affected individuals within 30 days of discovering a breach incident. This means companies would no longer be bound by more stringent state law requirements.

Related: People Are Still Using Terrible Passwords

Among other stricter standards, shorter timeframes for notice would no longer apply. The proposal also omits certain categories of health data that are currently regulated under state laws but not subject to the federal HIPAA law, eliminating any notice requirement for those types of information.

While streamlining the notification process may be helpful to the company in assessing its response to a breach, it is unclear how a law that loosens existing notification requirements "better meets the evolving threat of cyber-attacks."

We are sure to see this proposal debated and revised before it is finalized.

For entrepreneurs and startups, here are a few tips to keep in mind when addressing cyber-security risk concerns:

  • Appoint personnel to oversee data privacy and security for the company. Depending on the company's size and operations, these do not have to be full-time roles. Having a point person who understands the company's data assets, and who can help with workforce education, is invaluable.
  • User error is a major source of data breaches. Take simple steps to educate your workforce on security basics such as password creation and management, and identifying email spoofing and phishing attempts.
  • Have a data-incident-response policy that educates personnel on what to look for, whom to call, and how to respond in the event of a suspected data breach.

Related: 12 Tips to Protect Your Company Website From Hackers

Alicia Gilleskie

Partner at Smith Anderson

Alicia Gilleskie leads the data use, privacy and security practice at Smith Anderson of Raleigh, N.C., advising clients on the rapidly evolving data-regulatory landscape, including data-breach response matters and regulatory enforcement actions following an alleged breach. She also regularly prepares and negotiates complex IT license and outsourcing arrangements involving the sharing of sensitive information assets, software-as-a-service, software and content licenses, website development and hosting relationships, and many other types of technology-related contracts.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

'Now Accepting Applications': Elon Musk Is Opening a New Preschool in Texas Called Ad Astra. Here's How to Apply.

The school got an official permit last month to operate with as many as 21 students.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

'We're Not Allowed to Own Bitcoin': Crypto Price Drops After U.S. Federal Reserve Head Makes Surprising Statement

Fed Chair Jerome Powell's comments on Bitcoin and rate cuts have rattled cryptocurrency investors.

Business News

A New Hampshire City Was Named the Hottest Housing Market in the U.S. This Year. Here's the Top 10 for 2024.

Zillow released its annual lists featuring the top housing markets, small towns, coastal cities, and geographic regions. Here's a look at the top real estate markets and towns in 2024.

Leadership

How Smart People Handle Difficult People

Toxic people defy logic. Some are blissfully unaware of the negativity they spread, while others seem to derive satisfaction from creating chaos.