5 Essential Cybersecurity Compliance

As we bid farewell to the much-anticipated December 18, 2023, deadline set by the Securities and Exchange Commission (SEC), a fresh set of cybersecurity compliance milestones awaits in 2024. Here, we highlight five significant deadlines that demand attention and preparation from cybersecurity professionals. 

 

March 31 – PCI DSS 4.0 Compliance:

The first quarter of 2024 brings the inaugural compliance deadline for Payment Card Industry Data Security Standard version 4.0 (PCI DSS 4.0). Organizations that process credit, debit, or charge card payments must comply with 13 new requirements by March 31, 2024. These include delineating roles and responsibilities, defining the cardholder data environment, adopting a customized compliance approach, and conducting targeted risk analyses. A survival guide for PCI DSS 4.0 compliance is recommended for those navigating the intricacies of these new requirements.

 

May 13 – FTC Data Breach Reporting Rules:

Starting May 13, 2024, non-banking financial institutions face new data breach reporting obligations under the Federal Trade Commission's (FTC) amended Safeguards Rule. This rule mandates reporting certain breaches to the FTC within 30 days of discovery, particularly those involving unencrypted information of at least 500 customers. Financial institutions, excluding banks and credit unions, must be prepared to adhere to these reporting rules, potentially juggling both FTC and SEC requirements in the event of a breach.

 

June 15 – SEC Cybersecurity Incident Reporting for Smaller Reporting Companies:

While larger corporations faced a December 18, 2023, deadline, smaller reporting companies have until June 15, 2024, to comply with the SEC's new cybersecurity incident reporting rules. This applies to companies with a public float of less than $250 million or those with less than $100 million in annual revenues combined with specific public float thresholds. The compliance extension aims to ensure that smaller entities meet the same standards as their larger counterparts when disclosing cybersecurity incidents.

 

July 1 – State Data Privacy Rules in Florida, Oregon, and Texas:

On July 1, 2024, Florida, Oregon, and Texas will implement new state data privacy rules. The Florida Digital Bill of Rights (FDBR) applies to select companies with substantial revenue, while the Oregon Consumer Privacy Act (OCPA) targets companies handling personal data of Oregon residents. The Texas Data Privacy and Security Act (TDPSA) has broad applicability but exempts small businesses. Beyond these three states, Montana and Washington also have upcoming privacy law deadlines in 2024.

 

Sept. 30 – Federal Agencies' Zero Trust Architecture Goals:

The White House's January 2022 memorandum set a September 30, 2024, deadline for federal agencies to achieve zero trust architecture goals. Aligning with the Cybersecurity and Infrastructure Security Agency's Zero Trust Maturity Model, federal agencies must complete 19 specific tasks focusing on identity, devices, networks, applications, and data security. While these requirements directly impact federal agencies, private organizations working with the government can gain valuable insights from the implementation of zero-trust architecture.

 

Conclusion:

As organizations embrace the new year, these cybersecurity compliance deadlines in 2024 demand proactive measures and strategic planning. Meeting them requires a comprehensive understanding of the specific requirements outlined by each deadline.

Team up with Network 512, a top-notch Cybersecurity and Managed IT Services provider in Austin, Texas. We specialize in making compliance easy with our Compliance-as-a-Service offering. Our team at Network 512 will work closely with your organization, creating personalized solutions to guide you through the complex compliance landscape. And with our experience, we'll help you develop and put into action strategies that keep your organization safe and compliant as the cybersecurity world progresses.

 

Stay secure with Network 512 by your side. Schedule a FREE 2-hour consultation here.
