States Ascendant in Standards for Data Privacy and Cybersecurity: How to Prepare

March 13, 2019 Mayuri Kumar

State governments are not waiting for the United States Congress to pass a comprehensive national set of data privacy and cybersecurity standards. Each of the 50 states now has its own breach notification laws, with nearly one-half adopting data security and/or data disposal requirements to protect consumers’ personally identifiable information (PII) from unauthorized disclosure. While most states are not taking a sectorial approach to the type of PII that must be protected, New York and South Carolina have adopted cybersecurity requirements that target industries that include health plans and insurers.

A number of state attorneys general (AGs) are bringing enforcement actions to protect consumer information from unauthorized disclosure. AGs in Massachusetts, New York, and New Jersey have been extremely aggressive, collecting millions of dollars in settlements from healthcare systems and an assortment of IT services vendors for failing to safeguard data containing sensitive personal information.

David Holtzman's comments are featured in this article.
