Together with some other U.S. Senators who have offered data security laws in recent years, Senate Majority Leader Harry Reid introduced S.21 on January 25. The bill, a "sense of Congress" bill, urges the passage of a comprehensive law to address cybersecurity, without making any changes to current law.

This bill is important in that it acknowledges the critical role information technology plays in the U.S. economy:

With information technology now the backbone of the United States economy, a critical element of United States national security infrastructure and defense systems, the primary foundation of global communications, and a key enabler of most critical infrastructure, nearly every single American citizen is touched by cyberspace and is threatened by cyber attacks.

Congress "has the sense" that a future law should serve at least 10 critical goals, such as:

  • provide incentives to the private sector to quantify, assess, and mitigate cybersecurity risks to their communications and information networks;
  • promoting investments in the American information technology sector to create jobs;
  • preventing and mitigating identity theft and guarding against abuses or breaches of personally identifiable information;
  • protect federal government communications from cyber attack; 
  • maintaining robust protections of the privacy of American citizens and their online activities and communications;
  • protecting and increasing the resiliency of U.S. critical infrastructure and assets, such as the electric grid, military assets, financial sector and telecommunications networks; and
  • enhancing international cooperation on cybersecurity to promote free access and fight cybercrime.

Will a new law follow?

Maybe. It will take some time as Committees and federal agencies jockey for position, although it seems this "sense of Congress" will advance the ball further than it has been.

The advice to companies, business leaders, professionals and others, however, is "Don’t wait!" Many states already have data security laws in effect and, even without those laws, all businesses have sensitive company proprietary to safeguard. 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Joseph J. Lazzarotti Joseph J. Lazzarotti

Joseph J. Lazzarotti is a principal in the Tampa, Florida, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the…

Joseph J. Lazzarotti is a principal in the Tampa, Florida, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.

Privacy and cybersecurity experience – Joe counsels multinational, national and regional companies in all industries on the broad array of laws, regulations, best practices, and preventive safeguards.

Benefits counseling experience – Joe’s work in the benefits counseling area covers many areas of employee benefits law.

Joe speaks and writes regularly on current employee benefits and data privacy and cybersecurity topics and his work has been published in leading business and legal journals and media outlets, such as The Washington Post, Inside Counsel, Bloomberg, The National Law Journal, Financial Times, Business Insurance, HR Magazine and NPR, as well as the ABA Journal, The American Lawyer, Law360, Bender’s Labor and Employment Bulletin, the Australian Privacy Law Bulletin and the Privacy, and Data Security Law Journal.