Cyber risks have grown exponentially since the dawn of the Internet age. In 2012 alone, data breaches and other cyber risks caused $94 million in direct business losses – and that number ignores the indirect losses, such as those from reputation damage and lost business from customers who lost confidence after the data breach incident.
Still, passing legislation to minimize the risk factors that contribute to data breaches has proven difficult.
CISPA: Cyber Security Comes with Privacy Concerns
Last year, Congress considered the Cyber Intelligence Sharing and Protection Act, or CISPA, which would have allowed privately owned companies to share with government bodies information about data security risks they found.
Specifically, the bill would have lifted certain privacy requirements so that companies could alert the Department of Homeland Security and the National Security Administration (NSA) about malicious code or cyber attack threats as they happened. While it passed the House of Representatives, the legislation never made it onto the President’s desk because opponents in the Senate killed it.
Why? They were worried that the flow of consumer data to government entities would jeopardize privacy. With access to so much sensitive information, Congressional opponents of the bill argued, the NSA and DHS could easily use that information for purposes not related to cyber security.
A secondary concern is that, under CISPA, companies that share sensitive data with the government would enjoy significant Cyber Liability protection. In other words, they would be safe from lawsuits brought by customers unhappy that their information had been shared.
Unchanged Cyber Security Bill Unlikely to Pass
Few people expect CISPA to pass this time around, either, in part because the body of the legislation has not been changed at all since its appearance in Congress last year. In addition, President Obama has apparently announced that he would veto the bill even if it did pass the two chambers.
The Future of Cyber Security Legislation
It’s not clear how Congress will address the growing problems of cyber security and Cyber Liability, but this issue is not going away any time soon. With data breach incidents becoming ever more common and traditional security measures (including passwords) being called into question, our lawmakers will have to introduce guidelines for handling breach events even as our technology gurus develop stronger encryption technology.
Writtten by Brenna Lemieux - check her out at Google+ or Twitter