personally identifiable information

After years of debate, Congress last December passed three bills focused on combating cybercrime. President Obama quickly signed each bill into law.

They include:

  • National Cybersecurity Protection Act of 2014. The most notable piece of legislation for the private sector, this Act establishes a framework for private entities and government authorities to share intelligence about cyber threats and incident response plans. However, much to the dismay of many private entities, this stripped-down version of an earlier House bill lacks the liability protections that many companies had desired.
  • Federal Information Security Modernization Act. This Act creates a structure for maintaining safeguards to protect federal government data. It encourages government agencies to use automated security tools to identify and correct security deficiencies, building upon the risk management framework originally established by the Federal Information Security Management Act of 2002. It also requires that agencies report major cyber incidents to Congress within seven days of discovery.

Having no need to brandish bandanas to obscure identity or firearms to force entry, cyber bandits, in a sophisticated and well-orchestrated robbery, waltzed into the IT vaults of Anthem, the second-largest U.S. health insurer, and walked off with personally identifiable information on about 80 million current and former members, a population that comprises Anthem customers,