For the past two years I have predicted that if American businesses did not step up their game on protecting data security, then government would step in and force the issue. Consider how the Affordable Care Act came into being. Health care has been on the government’s agenda since the Clinton administration. The health-care industry spent more than a decade passing the ball to K Street lobbyists, hoping to keep the government at bay. Ultimately — whether right or wrong — the government took action.
Cyber data breaches have been on the radar for well over a decade, and there is no letup on hacking events. Every day new breaches are reported by companies of all sizes — from major financial institutions to local medical practices. Other than breach notification laws, to date, government has issued guidance to businesses. That soft touch appears to be ending. It is no surprise that now New York has stepped to the forefront and proposed actual regulations that will apply to financial institutions. While industry analysts already are panning the proposed regulations, like most government initiatives, there is likely little to stop implementation in some form.