In the year 2014, they were quite a number of security breaches in the U.S which affected customers from various organizations. Among the companies that were affected by security breaches in 2014 were: Dairy Queen, Xbox, Kmart, Sony, JP Morgan, and Home Depot among others. ICANN is another company which was hacked in 2014 and ironically, it is involved in the structure of the internet. On top of that, there were quite a number of security breaches in the government; one on the US State Department, another on the US Military, the United States Post Office and even on the White House. These security threats on the government itself have caused a national outrage among citizens thus prompting the much-needed reforms in cybersecurity laws in the country.
Over the summer of 2014, Schneiderman came up with a comprehensive report which showed that the number of security breaches that were reported in the State of New York between 2006 and 2013 had almost tripled, a trend which was alarming.
Earlier this year, President Obama proposed the putting up of new cybersecurity laws in the U. S. Immediately after this proposal, the New York State Attorney General, Eric T. Schneiderman announced the creation of a new law. He said that this law was expected to be the most comprehensive and the strongest in the whole country. He further argued that the data security law in the State should have been revised a long time ago in order to increase protection for customers. The last time the security law in the State of New York was updated was back in the year 2005. The New York Bill is very similar to the new cybersecurity legislation that was proposed by President Obama, in that it would come with liability protection for any organization that cooperated with the State authority.
In most of the states in the U.S., companies’ are only required to report a theft of passwords and e-mail addresses. Regardless of this, there are still quite a number of companies that report security breaches to authorities in light of upholding transparency in the organization. It is however not a legal requirement to do so.
In case of a security, breach companies are only expected to notify those whose information is compromised and not the authorities. However, this is expected to change with the proposed new cybersecurity legislation.