Law would fine companies for not complying with security directives
As if companies didn't have enough to worry about in dealing with HIPAA, SOX, GLB, PCI and all the other government and industry regulations that have been imposed on businesses over recent decades, legislation has now been introduced in Congress to give the Department of Homeland Security the authority to levy fines and other penalties on certain companies that don't comply with its cybersecurity directives.
The intent - to make the Internet and network infrastructure more secure and protect everyone from cyberattack - is obviously a noble one, but exactly how the criteria would be established and applied is unclear, and the DHS itself doesn't have a great record when it comes to security issues. Meanwhile, those of us who deal with the companies that fall under this law - AT&T, Verizon, Microsoft, Google, etc. - can expect to see the cost of doing so go up to help cover the expenses involved in adding yet another layer of compliance.
Read more here: