ABSTRACT

The risks associated with data security and privacy law failures are myriad. The most obvious and familiar is data breach and its associated financial and legal liabilities, including state government-required reporting. The payment card industry (PCI) imposes additional standards for the use of credit card data. Business-to-business (B2B) and business-to-consumer (B2C) contracts may impose obligations on companies to maintain certain minimum cybersecurity standards and/or leave an open obligation to comply with industry standards, either generally or with regard to specific named standards. Recognizing the need to address cybersecurity incidents that affect the US Government, the US Congress has passed two different acts, both with Federal Information Security Modernization Act, to improve the information security posture of systems used by the US Government for information processing. While the US Government has no general-purpose cybersecurity or privacy regulations, it has directed the creation of a cybersecurity framework.