You can be on Entrepreneur’s cover!

What Obama's Proposed Anti-Hacking Legislation Means for Entrepreneurs Law seeks to create a unified, federal breach-notification standard that would streamline the requirements for companies in the face of a breach.

By Alicia Gilleskie

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.

The slew of highly publicized data breaches over the past few years has brought the issue of cyber-security truly to the mainstream -- most recently reaching our living rooms through President Barack Obama's State of the Union address on Jan. 19.

"And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children's information," the president said. "If we don't act, we'll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe."

Related: Does President Obama's Bid to Bolster Cyber Security Go Far Enough?

The legislation the president references is currently in the form of a proposal introduced last week seeking to create a unified, federal breach-notification standard that would streamline the requirements for companies in the face of a breach. More specific details can be found on

Breach-notification laws are not a new phenomenon. Currently, 47 states and the District of Columbia have enacted some form of breach-notice legislation. Each of these laws has its own set of triggers for when and who must be notified in response to an event that constitutes a "security breach" (note: there is also no unified standard for what events constitute a security breach).

Breach events routinely trigger multiple state laws. Complying with this patchwork of varying standards in the face of a breach is a challenge for any company, large or small.

The proposed legislation would effectively override the current patchwork of state breach-notice law standards, requiring companies to notify affected individuals within 30 days of discovering a breach incident. This means companies would no longer be bound by more stringent state law requirements.

Related: People Are Still Using Terrible Passwords

Among other stricter standards, shorter timeframes for notice would no longer apply. The proposal also omits certain categories of health data that are currently regulated under state laws but not subject to the federal HIPAA law, eliminating any notice requirement for those types of information.

While streamlining the notification process may be helpful to the company in assessing its response to a breach, it is unclear how a law that loosens existing notification requirements "better meets the evolving threat of cyber-attacks."

We are sure to see this proposal debated and revised before it is finalized.

For entrepreneurs and startups, here are a few tips to keep in mind when addressing cyber-security risk concerns:

  • Appoint personnel to oversee data privacy and security for the company. Depending on the company's size and operations, these do not have to be full-time roles. Having a point person who understands the company's data assets, and who can help with workforce education, is invaluable.
  • User error is a major source of data breaches. Take simple steps to educate your workforce on security basics such as password creation and management, and identifying email spoofing and phishing attempts.
  • Have a data-incident-response policy that educates personnel on what to look for, whom to call, and how to respond in the event of a suspected data breach.

Related: 12 Tips to Protect Your Company Website From Hackers

Alicia Gilleskie

Partner at Smith Anderson

Alicia Gilleskie leads the data use, privacy and security practice at Smith Anderson of Raleigh, N.C., advising clients on the rapidly evolving data-regulatory landscape, including data-breach response matters and regulatory enforcement actions following an alleged breach. She also regularly prepares and negotiates complex IT license and outsourcing arrangements involving the sharing of sensitive information assets, software-as-a-service, software and content licenses, website development and hosting relationships, and many other types of technology-related contracts.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business News

James Clear Explains Why the 'Two Minute Rule' Is the Key to Long-Term Habit Building

The hardest step is usually the first one, he says. So make it short.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business Solutions

Grab Microsoft Project Professional 2021 for $20 During This Flash Sale

This small investment is well worth the time it will save your team in organizing and monitoring project work.

Business News

Microsoft's New AI Can Make Photographs Sing and Talk — and It Already Has the Mona Lisa Lip-Syncing

The VASA-1 AI model was not trained on the Mona Lisa but could animate it anyway.

Data & Recovery

This File Backup Tool Subscription Is $25 for Life for One Week Only

AOEMI Backupper Professional is designed to protect, store, and transfer user's files for them.