Proposed federal privacy bills captured much attention this summer as a potential consequential change in U.S. data regulation. However, five states recently have enacted new privacy laws that require businesses to implement risk-based security safeguards or risk facing fines. Many of these provisions will go into effect in 2023, and the scope is generally broader than similar security requirements that are already on the books in 23 states. Like the proposed federal bills, these new laws require organizations to implement “reasonable security” to protect data against breaches. This session will provide an overview of these new legal requirements and shed light on what “reasonable security” looks like in this era of ever-evolving cyber threats.
Drew Bagly, Vice President & Counsel, Privacy & Cyber Policy, Crowdstrike