Together with some other U.S. Senators who have offered data security laws in recent years, Senate Majority Leader Harry Reid introduced S.21 on January 25. The bill, a "sense of Congress" bill, urges the passage of a comprehensive law to address cybersecurity, without making any changes to current law.
This bill is important in that it acknowledges the critical role information technology plays in the U.S. economy:
With information technology now the backbone of the United States economy, a critical element of United States national security infrastructure and defense systems, the primary foundation of global communications, and a key enabler of most critical infrastructure, nearly every single American citizen is touched by cyberspace and is threatened by cyber attacks.
Congress "has the sense" that a future law should serve at least 10 critical goals, such as:
- provide incentives to the private sector to quantify, assess, and mitigate cybersecurity risks to their communications and information networks;
- promoting investments in the American information technology sector to create jobs;
- preventing and mitigating identity theft and guarding against abuses or breaches of personally identifiable information;
- protect federal government communications from cyber attack;
- maintaining robust protections of the privacy of American citizens and their online activities and communications;
- protecting and increasing the resiliency of U.S. critical infrastructure and assets, such as the electric grid, military assets, financial sector and telecommunications networks; and
- enhancing international cooperation on cybersecurity to promote free access and fight cybercrime.
Will a new law follow?
Maybe. It will take some time as Committees and federal agencies jockey for position, although it seems this "sense of Congress" will advance the ball further than it has been.
The advice to companies, business leaders, professionals and others, however, is "Don’t wait!" Many states already have data security laws in effect and, even without those laws, all businesses have sensitive company proprietary to safeguard.