What Obama's Proposed Anti-Hacking Legislation Means for Entrepreneurs Law seeks to create a unified, federal breach-notification standard that would streamline the requirements for companies in the face of a breach.

By Alicia Gilleskie Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

The slew of highly publicized data breaches over the past few years has brought the issue of cyber-security truly to the mainstream -- most recently reaching our living rooms through President Barack Obama's State of the Union address on Jan. 19.

"And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children's information," the president said. "If we don't act, we'll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe."

Related: Does President Obama's Bid to Bolster Cyber Security Go Far Enough?

The legislation the president references is currently in the form of a proposal introduced last week seeking to create a unified, federal breach-notification standard that would streamline the requirements for companies in the face of a breach. More specific details can be found on whitehouse.gov.

Breach-notification laws are not a new phenomenon. Currently, 47 states and the District of Columbia have enacted some form of breach-notice legislation. Each of these laws has its own set of triggers for when and who must be notified in response to an event that constitutes a "security breach" (note: there is also no unified standard for what events constitute a security breach).

Breach events routinely trigger multiple state laws. Complying with this patchwork of varying standards in the face of a breach is a challenge for any company, large or small.

The proposed legislation would effectively override the current patchwork of state breach-notice law standards, requiring companies to notify affected individuals within 30 days of discovering a breach incident. This means companies would no longer be bound by more stringent state law requirements.

Related: People Are Still Using Terrible Passwords

Among other stricter standards, shorter timeframes for notice would no longer apply. The proposal also omits certain categories of health data that are currently regulated under state laws but not subject to the federal HIPAA law, eliminating any notice requirement for those types of information.

While streamlining the notification process may be helpful to the company in assessing its response to a breach, it is unclear how a law that loosens existing notification requirements "better meets the evolving threat of cyber-attacks."

We are sure to see this proposal debated and revised before it is finalized.

For entrepreneurs and startups, here are a few tips to keep in mind when addressing cyber-security risk concerns:

  • Appoint personnel to oversee data privacy and security for the company. Depending on the company's size and operations, these do not have to be full-time roles. Having a point person who understands the company's data assets, and who can help with workforce education, is invaluable.
  • User error is a major source of data breaches. Take simple steps to educate your workforce on security basics such as password creation and management, and identifying email spoofing and phishing attempts.
  • Have a data-incident-response policy that educates personnel on what to look for, whom to call, and how to respond in the event of a suspected data breach.

Related: 12 Tips to Protect Your Company Website From Hackers

Alicia Gilleskie

Partner at Smith Anderson

Alicia Gilleskie leads the data use, privacy and security practice at Smith Anderson of Raleigh, N.C., advising clients on the rapidly evolving data-regulatory landscape, including data-breach response matters and regulatory enforcement actions following an alleged breach. She also regularly prepares and negotiates complex IT license and outsourcing arrangements involving the sharing of sensitive information assets, software-as-a-service, software and content licenses, website development and hosting relationships, and many other types of technology-related contracts.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Buying / Investing in Business

Former Zillow Execs Target $1.3T Market

Co-ownership is creating big opportunities for entrepreneurs.

Growing a Business

5 Steps to Spend Less and Sell More — The Smart Entrepreneur's Guide to Growth

Here's how entrepreneurs can cut costs while boosting sales.

Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2025.

Marketing

5 Unconventional Tips to Turn Your Ideas Into Impactful Creative Collaboration

From brainstorming sessions to final product launches, it's the creative process that transforms ideas into successful ventures. Learn why some creative processes succeed and others don't and how you can unlock the full potential of your team's creativity.

Growing a Business

This Chef Built a Meatball Empire, Lost Millions and Came Back Stronger with a Pizza Revolution

Daniel Holzman discusses the importance of authenticity, better workplace culture and not letting ego get in the way of financial success.

Business News

JPMorgan Chase CEO Jamie Dimon Regrets Cursing at Company Town Hall But Stands By Return-to-Office Mandate: 'We're Not Going to Change'

Dimon said if employees don't want to return to the office five days a week, "They can get a job elsewhere."