VLP Partner Melissa Krasnow Quoted in the Bloomberg Law Article “Federal Cyber Breach Reporting Rules Reach an Uneasy Balance”
VLP Partner Melissa Krasnow was quoted in the Bloomberg Law Article “Federal Cyber Breach Reporting Rules Reach an Uneasy Balance.”
This article discusses the new Federal Trade Commission data breach notification rules which underline the growing tension between the government’s efforts to increase its understanding of national cybersecurity threats and reduce overlap among dozens of reporting regulations.
According to Ms. Krasnow, the updated Safeguards Rule is “extending the Federal Trade Commission’s reach” for regulating cybersecurity onto a new set of businesses that will have to update their incident response plans in compliance.
The changes will affect businesses covered by the Gramm-Leach-Bliley Act of 1999, including payday lenders, insurance providers, loan collection agencies, and tax preparation firms.
“A lot of entities which may not have thought of themselves as being regulated would be regulated. The issue is whether they’re aware they’re regulated and are complying,” Ms. Krasnow said.
The FTC’s new reporting requirements will take effect six months after the agency publishes the amendments in the Federal Register. That means companies have some time to determine whether they’re regulated and how best to comply, according to Ms. Krasnow.
Data breach reports will need to include details explaining what categories of information were breached, for how long, and an estimated number of affected consumers.
Ms. Krasnow said: “A lot of a regulators, including the FTC, often don’t know when there’s noncompliance or lack of compliance until there’s a breach.”
Click here to read the entire article.Share