Predictions 2020: More cybersecurity laws and regulations
Cybersecurity legislation in the U.S. will continue to accelerate, especially at the state level, where hundreds of new cybersecurity bills will be introduced in 2020.
The National Conference of State Legislatures (NCSL) Cybersecurity task force tracks new legislation on cybersecurity. The number of cybersecurity bills introduced has increased each year for the past 5 years.
Several states have proposed consumer privacy legislation similar to the California Consumer Privacy Act (CCPA), and there are also several consumer privacy bills in Congress.
In 2017, the new cybersecurity regulations from the New York Department of Financial Services went into effect. These applied to state-chartered banks, foreign banks licensed to do business in New York, insurance companies, mortgage firms and other entities licensed by DFS. With the DFS cybersecurity regulations as a template, in 2018 the National Association of Insurance Commissioners published a model cybersecurity law. In 2019, NCSL reports that close to 300 cybersecurity bills were introduced into state legislatures, and 31 states enacted new cybersecurity laws. Furthermore, privacy laws like the CCPA have strong cybersecurity provisions. Nevada has already passed its own version of CCPA and other states will follow. There are several bills in Congress proposing consumer privacy regulation. We can expect this trend of new laws and regulations to accelerate in 2020.
Establish an enterprise cybersecurity legal task force to track new legislation and regulations and conduct business impact assessments for new regulations and any changes to existing rules.