New Cybersecurity Regulations in the US – 2019

Computer and cybersecurity crimes are mainly prosecuted under CFFA i.e., Computer Fraud and Abuse Act.

This act criminalizes malware, DDoS attacks, electronic theft, identity theft, and hacking. Law breakers are likely to get prison-time of up to 20 years, a fine, restitution, and/or criminal forfeiture. In addition to that, in specific circumstances, the CFFA permits the sufferer of cybercrimes to launch the private civil actions in response to the violation for injunctive, equitable relieves, or other compensatory damages.

While that all sounds great, if you are trying to prevent a cybercrime from happening to you, but are you even aware of what constitutes criminal offences in the US?

Could you be falling under the category of cyber criminal unbeknownst to you?

What is a Cybercrime?
A cybercrime is defined the unauthorized access (i.e., hacking), phishing, denial-of-service attacks, use or possession of hardware, malware (e.g. ransomware and viruses), cybercrime tools (i.e., hacking tools), Identity fraud or identity theft, and electronic theft (i.e., criminal copyright infringement or breach of confidence by any former or current employee) constitute the criminal offences in the US.

Notably this would include any form of online impersonation, unauthorized access to a co-worker’s screen or being in possession of spyware that is in fact malware.

The revised and/or latest cybersecurity laws in the US in 2019 include CCPA, National Breach Notification Law, NIST Small Business Cybersecurity Act, ENCRYPT Act, CLOUD Act among others

All good? Not a cyber gangster?

Great, have a flick through the major legal updates in regulations and be informed :

California Privacy Act

The CCPA i.e., California Consumer Privacy Act is a bill, which boosts consumer protection and privacy rights for the residents of California. The bill was passed in the year 2018 but will only go into action next year.

The law is specifically geared towards issues in data sharing. The accountabilities and responsibilities of the bill include the right to say No to the sale of private information.

The new rights given to California consumers, as of 2020, are similar to the rights provided in the European Union’s General Data Protection Regulation (GDPR).

The CCPA will also be making in some large wads of cash by way of fines, injunctions and class-action lawsuits to non-compliant businesses.    

NIST Small Business Cybersecurity Act

The majority of small businesses and enterprises rely on I.T. to operate their companies and to transmit, process and store the information.

The NIST Small Business Cybersecurity Act protects that information from modification, deletion, use, or unauthorized disclosure.

With so many businesses moving their operations to become increasingly dependent on IT, this is an Act that provides at least some security for SMB owners.

ENCRYPT Act

The ENCRYPT Act is controversial as it brings into play the two highly charged issues of privacy and security.

Encryption, the technology employed to secure the data on computers and phones and keep the digital messages secure from eavesdroppers, was developed without the criminals in mind.

Why?

Because it protects them too.

The ENCRYPT Act wants technical organizations to purposefully weaken the encryption so that law enforcement can get their hands on the content of encrypted messages and data with greater ease.

Cyber Diplomacy Act

The bill was introduced in the year 2017 and has now moved on for the approval to the Senate.

If it gets signed into a law, the state or government would be required to implement and secure commitments from the other countries in an appropriate cyberspace, this will get everyone on board when it comes to cybersecurity procedures.