Get All Access for $5/mo

What Obama's Proposed Anti-Hacking Legislation Means for Entrepreneurs Law seeks to create a unified, federal breach-notification standard that would streamline the requirements for companies in the face of a breach.

By Alicia Gilleskie Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

The slew of highly publicized data breaches over the past few years has brought the issue of cyber-security truly to the mainstream -- most recently reaching our living rooms through President Barack Obama's State of the Union address on Jan. 19.

"And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children's information," the president said. "If we don't act, we'll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe."

Related: Does President Obama's Bid to Bolster Cyber Security Go Far Enough?

The legislation the president references is currently in the form of a proposal introduced last week seeking to create a unified, federal breach-notification standard that would streamline the requirements for companies in the face of a breach. More specific details can be found on whitehouse.gov.

Breach-notification laws are not a new phenomenon. Currently, 47 states and the District of Columbia have enacted some form of breach-notice legislation. Each of these laws has its own set of triggers for when and who must be notified in response to an event that constitutes a "security breach" (note: there is also no unified standard for what events constitute a security breach).

Breach events routinely trigger multiple state laws. Complying with this patchwork of varying standards in the face of a breach is a challenge for any company, large or small.

The proposed legislation would effectively override the current patchwork of state breach-notice law standards, requiring companies to notify affected individuals within 30 days of discovering a breach incident. This means companies would no longer be bound by more stringent state law requirements.

Related: People Are Still Using Terrible Passwords

Among other stricter standards, shorter timeframes for notice would no longer apply. The proposal also omits certain categories of health data that are currently regulated under state laws but not subject to the federal HIPAA law, eliminating any notice requirement for those types of information.

While streamlining the notification process may be helpful to the company in assessing its response to a breach, it is unclear how a law that loosens existing notification requirements "better meets the evolving threat of cyber-attacks."

We are sure to see this proposal debated and revised before it is finalized.

For entrepreneurs and startups, here are a few tips to keep in mind when addressing cyber-security risk concerns:

  • Appoint personnel to oversee data privacy and security for the company. Depending on the company's size and operations, these do not have to be full-time roles. Having a point person who understands the company's data assets, and who can help with workforce education, is invaluable.
  • User error is a major source of data breaches. Take simple steps to educate your workforce on security basics such as password creation and management, and identifying email spoofing and phishing attempts.
  • Have a data-incident-response policy that educates personnel on what to look for, whom to call, and how to respond in the event of a suspected data breach.

Related: 12 Tips to Protect Your Company Website From Hackers

Alicia Gilleskie

Partner at Smith Anderson

Alicia Gilleskie leads the data use, privacy and security practice at Smith Anderson of Raleigh, N.C., advising clients on the rapidly evolving data-regulatory landscape, including data-breach response matters and regulatory enforcement actions following an alleged breach. She also regularly prepares and negotiates complex IT license and outsourcing arrangements involving the sharing of sensitive information assets, software-as-a-service, software and content licenses, website development and hosting relationships, and many other types of technology-related contracts.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Side Hustle

'Hustling Every Day': These Friends Started a Side Hustle With $2,500 Each — It 'Snowballed' to Over $500,000 and Became a Multimillion-Dollar Brand

Paris Emily Nicholson and Saskia Teje Jenkins had a 2020 brainstorm session that led to a lucrative business.

Business News

'I'm Not Trying to Land on Mars': Mark Cuban Takes Dig at Elon Musk to Explain Why His Online Pharmacy Isn't Trying to Make More Money

Mark Cuban Cost Plus Drug Co. is an online pharmacy co-founded by Cuban and radiologist Alex Oshmyansky.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

'It's Not About You': How to Fire Someone Effectively, According to Kevin O'Leary

O'Leary says that if you can't fire someone, you aren't the right leader for the organization.

Leadership

Should I Stay or Should I Go? 8 Key Points to Navigate the Founder's Dilemma

Here are eight key signs that help founders determine whether to persevere or let go.

Marketing

Your Most Powerful Marketing Weapon Is Hiding in the Finance Department — Here's Why

Transform your marketing leadership by turning finance from a barrier into a strategic ally. Learn how aligning with your finance team can drive unprecedented growth and innovation.