Brooklyn Journal of Corporate, Financial & Commercial Law


Nadia Udeshi

First Page



Small businesses provide a significant positive impact on the American economy. However, the current fragmented federal and state data protection and breach notification legal scheme puts the viability of small businesses at risk. While the probability of data breaches occurring continues to increase, small businesses lack the financial and technological resources to contend with the various state and federal laws that impose different monetary penalties and remedial requirements in the event of such breaches. To preserve the viability of small businesses, Congress should enact a centralized, multi-tiered federal data protection and breach notification framework that preempts state laws, imposes minimum cybersecurity standards, and in the event of a data breach, delineates penalties and remediation requirements. Such standards and requirements should be scaled proportionally, while taking into consideration factors such as the size of a business and its financial resources. The federal framework should be promulgated and enforced by a specialized federal cybersecurity governance organization.