With the increasing number of incidents related to cybersecurity and data privacy, we have also seen an increased amount of activity on these topics from Congress and various regulatory institutions in the U.S. This activity no doubt will have an impact on both U.S. and global businesses.
For example, both the House and Senate have taken significant action in the past month alone to move forward cybersecurity legislation, which demonstrates a clear commitment by Congress to address these issues. Specifically, the House passed four cybersecurity bills on July 28, 2014, and the Senate has several areas of cybersecurity policy in the works, for which we may see action in the coming months. Detailed information can be found in our recent publication on this topic.
Regarding activity by regulatory institutions, the Securities and Exchange Commission (SEC) continues to deliver the message that boards must go above and beyond industry standards and adopt policies that specifically address cybersecurity threats. The Federal Financial Institutions Examination Council (FFIEC) has recently announced several actions, including establishing a working group and pilot program designed to address and assess cybersecurity issues. Finally, the Federal Trade Commission’s (FTC) authority to regulate data security practices has come under review in federal court. Detailed information can be found in our recent publication on this topic.