And a legislation review.
The new bipartisan Cyber Incident Notification Act, which would compel some companies to report being breached, has been introduced. Per CNBC:
“The proposed bill would introduce a new disclosure requirement for federal agencies, federal contractors and critical infrastructure companies to notify the Department of Homeland Security when they identify a breach of their systems. It also gives those companies limited immunity when they report a breach — for instance, shareholders could not gain access to the disclosed information to use as evidence in a lawsuit. It also would require DHS to anonymize personally identifiable information.”
The Federal Trade Commission has also formally pledged to take on unlawful “right to repair” restrictions in a policy statement Wednesday.
And over at the Department of Justice, the administration has picked Jonathan Kanter, a leading anti-trust voice particularly around Google, as the lead on anti-trust.
Israel, in reaction to the software sold by NSO Group being used to spy on journalists and officials (as reported yesterday), is considering changes to the export policy under which the software is allowed to be developed and sold.
Why do we care?
Trend-wise, it’s the march to regulation. Sure, that disclosure law starts with big companies. It’s just a matter of time before it trickles down, or gets replicated via insurance requirements.
The mood of legislatures is to take action. There has been a chorus of “not in my backyard” from a section of providers this week – but their assumption appears to be that they can ignore this trend and it magically goes away.
I disagree. I’ll be reporting back over time to see how this actually plays out.