Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.
Following nationwide elections, a new line-up of state lawmakers will be joining their veteran peers to dig into a host of cybersecurity issues during 2021. Since March, many, if not most, cybersecurity issues at the state level have been derailed so that legislators could grapple with the coronavirus’s overwhelming challenges. Most experts see cybersecurity matters continuing to take a back seat through at least the early months of 2021.
Aside from the pandemic, another factor driving a possible delay in state legislative momentum is the political division throughout the country. “States are going to ask, ‘What’s the likelihood we’re going to pass legislation and it’s going to get overturned at the national level,’” says Aaron Tantleff, a partner focused on cybersecurity and data privacy at Foley and Lardner. “There’s going to be a little more of ‘Let’s wait and see what’s going to happen at the national level.’”
Once the immediacy of the pandemic dissipates and the political heat cools, cybersecurity issues will likely surface again in new or revived legislation in many states, even if weaved throughout other related matters. It’s difficult to separate cybersecurity per se from adjoining issues such as data privacy, which has generally been the biggest topic to involve cybersecurity issues at the state level over the past four years. “You really don’t have this plethora of state cybersecurity laws that would be independent of their privacy law brethren,” Tantleff said.
According to the National Conference of State Legislatures, at least 38 states, along with Washington, DC, and Puerto Rico introduced or considered more than 280 bills or resolutions that deal significantly with cybersecurity as of September 2020. Setting aside privacy and some grid security funding issues, there are two categories of cybersecurity legislative issues at the state level to watch during 2021. The first and most important is spelling out more clearly what organizations need to meet security and privacy regulations. The second is whether states will pick up election security legislation left over from the 2020 sessions.
This article appeared in CSO Online. To read the rest of the article please visit here.