Many people are aware that, in the absence of action by the U.S. Congress, all fifty states have enacted some form of data breach notification laws. However, the state legislatures, and their constituents, are not content with the laws as written, and nine states have passed new and expanded data breach notification laws. The changes include broadening definitions of personal data (New Jersey, Oregon, Washington), expanded breach notification requirements (Massachusetts, Illinois, Oregon, Texas, Washington), increases scope of those covered (Maryland, Maine), and even establishing minimum protections for certain kinds of information (New York). This rapidly changing privacy landscape means that companies must embrace privacy-by-design and security-by-design principles if they are to survive. Without feedback from the Data Privacy Officer and Chief Information Security Officer, companies can waste time and money developing products or solutions that will encounter significant legal and regulatory problems.

Fathom Cyber’s innovative, Enterprise Risk Management-based approach to creating cybersecurity and data privacy programs provides processes and policies that allow the DPO, CISO, and other relevant parties to weigh in on critical business decisions before the wrong decision is made. Contact Fathom Cyber to learn more about how we can help your company succeed.