In a recent blog by the International Association of Privacy Professionals, two privacy experts wrote that “the obligation of data custodians to protect the confidentiality, integrity and availability of the personal information they hold is becoming increasingly complex.” This important claim is worth further consideration, as the United States does not have a comprehensive federal cybersecurity protection policy. Instead, there have been dramatic changes with respect to state laws, all the way to federal agency oversight. The potential changes to future cybersecurity regulations and policies are as undetermined as they have ever been.
Before 2023, privacy experts followed state laws for cybersecurity. Some states, like Connecticut, had stronger protections than others, like Ohio. Recently, the Securities and Exchange Commission (SEC) made a rule that public companies must report cybersecurity breaches within four days. This makes the SEC a new key player in cybersecurity, along with other agencies like the Department of Homeland Security and its Cybersecurity and Infrastructure Security Agency.
The previous year saw increased state activity on the cybersecurity front. Following their federal counterparts, state agencies such as the New York Department of Financial Services introduced new data protection regulations for the organizations it oversees. Additionally, there was an overall increase in the number of individuals and government representatives suing for data breaches, state/federal wiretapping laws and biometrics laws. As it currently stands, cybersecurity protections for AI applications are lagging behind the public adoption of these programs; for this reason, regulators will look to adjust data privacy and cybersecurity laws as this technology advances.
Each of these trends suggests more changes to come in the next few years, including possibly a national cybersecurity plan, but past failures show the U.S. is still far from this. People should keep an eye on major cyber events and stay in touch with their congressional and state offices.