April Wimberg Discusses the Need for Federal Cybersecurity Laws
According to Louisville Business First, in the wake of recent high-profile cyber breaches at Target Brands Inc., The Home Depot Inc., Sony Pictures Entertainment and Morgan Stanley investment firm, U.S. companies are scrambling to create their own corporate cybersecurity plans.
Companies in Kentucky and elsewhere that maintain information-rich consumer databases are increasingly uneasy as news of breaches becomes an almost daily occurrence. “It’s something that I do think is a big concern out in the community,” said Bingham Greenebaum Doll LLP attorney April A. Wimberg during a recent interview with the publication.
Kentucky was the 47th state to pass cybersecurity legislation with the passing of state law KRS 365.732 in 2014. Kentucky House Bill 232 created specific guidelines for businesses to notify individuals if the security of their personal information was breached, or thought to have been breached, and the breach could potentially lead to identity theft or fraud by a business entity. However, there is no overarching federal cybercrime law, though there are rumblings in Congress about it. Very little case law exists on cybersecurity either.
“There are a lot of state laws,” Wimberg said, “and it’s almost begging for a federal law for companies that operate in multiple states.”
Fortunately, there are steps that employers can take to minimize cybersecurity risk. Wimberg shared tips for reducing electronic data breach liability risks in a recent blog post, which can be read here.
Wimberg focuses her practice in bankruptcy matters and creditors’ rights, as well as complex commercial litigation. She also has an extensive background in corporate finance and strategy.