Small businesses provide a significant positive impact on the American economy. However, the current fragmented federal and state data protection and breach notification legal scheme puts the viability of small businesses at risk. While the probability of data breaches occurring continues to increase, small businesses lack the financial and technological resources to contend with the various state and federal laws that impose different monetary penalties and remedial requirements in the event of such breaches. To preserve the viability of small businesses, Congress should enact a centralized, multi-tiered federal data protection and breach notification framework that preempts state laws, imposes minimum cybersecurity standards, and in the event of a data breach, delineates penalties and remediation requirements. Such standards and requirements should be scaled proportionally, while taking into consideration factors such as the size of a business and its financial resources. The federal framework should be promulgated and enforced by a specialized federal cybersecurity governance organization.
SAVING SMALL BUSINESS FROM THE BIG IMPACT OF DATA BREACH: A TIERED FEDERAL APPROACH TO DATA PROTECTION LAW,
14 Brook. J. Corp. Fin. & Com. L.
Available at: https://brooklynworks.brooklaw.edu/bjcfcl/vol14/iss2/8
Administrative Law Commons, Commercial Law Commons, Communications Law Commons, Computer Law Commons, Consumer Protection Law Commons, European Law Commons, Insurance Law Commons, Internet Law Commons, Legislation Commons, National Security Law Commons, Science and Technology Law Commons, State and Local Government Law Commons