The U.S. House of Representatives Oversight Committee recently released its findings on the recent Equifax data breach. You can read the Equifax Oversight Report if it suits you, but we highlighted a number of interesting comments that strongly allude to data compliance regulation in the next 12 to 24 months. Our strong opinion is this regulation will mirror GDPR very closely. Here is why:
1) Calling out the lack of “comprehensive federal data breach notification law.” This is a massive omission to shine a spotlight on if it is not going to be a recommended solution:
2) “Inconsistency” is a code word for the need for compliance and new regulations. “Without reasonable delay” is too grey for the oversight committee, whereas GDPR requires the supervisory authority to be notified of a data breach within 72 hours of the breach being discovered:
3) As one of the recommendations in the Equifax Oversight Report, the committee recommends to “expedite” the development of a “cyber security acquisition memorandum” to “provide guidance to federal agencies and acquisition professionals.” In other words, a United States GDPR for both the government and the private sector:
The recent data breach news with Marriott led to this quote: “Senator Ron Wyden (D-OR) said American regulators needed powers to issue heavier fines on U.S. companies that have failed to protect citizens’ data. ‘Clearly, current status quo isn’t working,’ he said. ‘The Federal Trade Commission needs real powers with strong teeth in order to punish companies that lose or misuse Americans’ private information. Until companies like Marriott feel the threat of multibillion-dollar fines, and jail time for their senior executives, these companies won’t take privacy seriously.’”

While we don’t know if long jail time is going to become a reality, we do see the tea leaves leading to some version of GDPR in the United States in the immediate future. It will be a major news story and debate in 2019.

There is some good news: for 3 years Griffin has been preparing for this inevitability. Our SourceONE™ Managed Security Services are built to insulate and protect small, medium and enterprise companies with a scalable solution across software, hardware, people, process and strategy. Simply put, SourceONE™ Managed Security Services fulfills the modern needs of cyber security compliance for any business. SourceONE™ does so at a fraction of the cost to staff up, pay benefits, buy and institute technology with a gold standard cyber security strategy. Feel free to contact us for a risk-free assessment, to see if SourceONE™ Managed Security Services is right for you and your business.