On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). While President Biden’s remarks highlighted the $13.6 billion in funding “to address Russia’s invasion of Ukraine and the impact on surrounding countries,” the 2022 Consolidated Appropriations Act contained numerous other laws, including the Cyber Incident Reporting Act, which should not be overlooked. The Cyber Incident Reporting Act puts in motion important new cybersecurity reporting requirements that will likely apply to businesses in almost every major sector of the economy, including health care, financial services, energy, transportation and commercial facilities. Critical infrastructure entities should monitor the upcoming rule-making by the Cybersecurity and Infrastructure Security Agency (“CISA”), as the final regulations will clarify the scope and application of the new law.
New York is the latest state to adopt a law that requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect that information. New York now joins California, Massachusetts and Colorado in setting these standards. New York’s law mandates the implementation of a data security program, including measures such as risk assessments, workforce training and incident response planning and testing. Businesses should immediately begin the process to comply with the Act’s requirements effective March 21, 2020 ...
Blog Editors
Recent Updates
- Video: Biden’s Final Labor Moves - Employment Law This Week
- Video: Workplace Investigation Protocols - One-on-One with Greg Keating
- Differing Approaches to Earned Wage Access Programs Lead to Regulatory Conflict
- Podcast: Beyond Non-Competes - IP and Trade Secret Assessment Strategies for Employers – Employment Law This Week
- On Trend: New Jersey Hops on the Pay Transparency Bandwagon