In 2017, approximately 42 US states introduced 240 bills and resolutions related to cybersecurity -- more than double the number in 2016 (during which 104 state bills and resolutions were introduced) -- and at least 27 states enacted related legislation, according to a leading cyber risk and regulatory compliance firm.
AUSTIN, US: Edgile, a leading cyber risk and regulatory compliance partner to the Fortune 500, recently announced the release of its quarterly iGRC update, which adds new state and international sources addressing cybersecurity and privacy compliance to the iGRC content platform.
The report added a number of new state and international law sources in a year that saw some reduction in federal regulation but a significant surge in state and international regulation.
In 2017, approximately 42 US states introduced 240 bills and resolutions related to cybersecurity -- more than double the number in 2016 (during which 104 state bills and resolutions were introduced) -- and at least 27 states enacted related legislation.
Relaxation at federal level, while state and global actions accelerate
The pace of legislation and enforcement at the state level is the latest evidence of the ever-shifting landscape that US enterprises are facing. Recent actions by federal agencies suggest a measure of relaxation of enforcement authority in areas impacting consumer information privacy and security.
In the meantime, regulation in the international arena that impacts US businesses -- for example, the EU’s GDPR, which will go into effect in the spring of 2018 -- has also reinforced the need for businesses to have better processes and technology to manage the regulatory landscape. Adding to the pressure on US businesses are well-publicized breaches sustained by companies such as Equifax, Deloitte, and Uber.
While Congress was finally spurred to take action in the wake of these breaches (the “Data Security and Breach Notification Act” was filed in the Senate in late 2017), state response to the breaches was rapid and varied. In addition to lawsuits filed by consumers, regulatory authorities in several states have filed actions against Equifax and Uber based on violations of state and local information protection laws (see, for example, actions filed in Massachusetts, the State of Washington, and Illinois).
A solution for navigating the fast-evolving landscape
“Where the Federal government has either failed to implement uniform legislation addressing personal information privacy issues, or has retreated from regulatory enforcement of existing privacy protections, states have moved to fill the void by enacting their own legislation and strengthening enforcement efforts to protect the privacy interests of their citizens,” said Edgile Partner David Deckter. “At the same time, foreign countries' concerns over information privacy and security continue to rise. With the new updates in the iGRC content platform, businesses can be brought up to speed quickly to reduce exposure to serious regulatory risk.”
The iGRC content platform is a key offering in Edgile’s Integrated Risk Management (IRM) practice, which enables companies to modernize their governance, risk and compliance programs through industry-leading models, approaches and accelerators that significantly improve the effectiveness of risk management practices throughout the entire technology estate, whether on-premises or in the cloud. The company's iGRC Content Managed Service powers the regulatory programs of institutions, including six of the top banks and seven top hospitals, by providing clients with streamlined access to the latest regulations and tools to efficiently stay in compliance.
“More and more, businesses will need to rely on services that leverage great expertise as well as technology to manage the new regulatory landscape,” said Deckter.
He added that iGRC delivers both at a time of great change and uncertainty on the regulatory front.
New bills and resolutions introduced in 2017 spanned a wide range of activities including the targeting of computer crimes, restricting public disclosure of sensitive data, and the implementation of workforce training.