US President signs Better Cybercrime Metrics into law
May 10, 2022 |
It is obvious to anyone practising in the privacy and data security area that reliable statistics about the incidence of cybercrime, the number of people or organisations affected and the cost of those criminal acts are hard to come by. The causes are numerous, victims being unwilling to report crimes, organisations affected by hacks doing their best to keep the publicity to a minimum, differing definitions of certain crimes and the inefficient collation of what data there is.
It is therefore welcome that the US is regularising the collection of data realting to cyber crime and cyber enabled crime. The Act requires:
- not later than 90 days after the date of enactment of the Act, the Attorney General (‘AG’) shall seek to enter into an agreement with the National Academy of Sciences to develop a taxonomy for the purpose of categorising different types of cybercrime and cyber-enabled crime faced by individuals and businesses;
- not later than two years after the date of enactment of this Act, the AG shall establish a category in the National Incident-Based Reporting System, or any successor system, for the collection of cybercrime and cyber-enabled crime reports from federal, state, and local officials; and
- not later than 180 days after the date of enactment of the Act, the U.S. Comptroller General shall submit to the U.S. Congress a report that assesses the effectiveness of the reporting mechanisms for cybercrime and cyber-enabled crime in the US and disparities in reporting data between:
- data relating to cybercrime and cyber-enabled crime; and
- other types of crime data.