Emily Westridge Black in Law360: Obama Cybersecurity Blitz May Lessen Liability For Breaches


The White House began a push this week for federal legislation that would create a national breach reporting standard and encourage cyberthreat information sharing, measures that attorneys say would reduce companies’ liability for cyberattacks by replacing the dozens of reporting standards that currently exist and providing a shield to companies that divulge threats.

On Tuesday, the White House proposed a legislative framework that would provide “targeted liability protection” to companies that share cyberattack data with the government. The move came a day after President Barack Obama unveiled several additional proposals, including the establishment of a national breach reporting standard that would require companies to alert consumers of a data breach within 30 days of the discovery of the incident ...

“Having a unified national standard that preempts state laws is in everyone's interest because it improves efficiency for companies and clarity for consumers,” Haynes and Boone LLP associate Emily Westridge Black said. “The goal of a notification law is to get people the information they need to protect themselves in the most timely and efficient manner possible, and having a unified standard accomplishes that goal.”

Confusion over when the clock for data breach notification begins and whether there are any safe harbors that would allow companies to delay or escape their obligations could also chip away at the potential liability benefits of the administration's proposal, attorneys say.

Excerpted from Law360 on January 14, 2015 (subscription required).

Related Practices

Email Disclaimer