The threat to cybersecurity has evolved more rapidly than the technologies and processes available to defend our most sensitive information, and the speed with which new threats are ­emerging is leaving the legal framework that governs data privacy and security in the dust.

When data breaches began to seep into general public consciousness some time in 2013, the incidents garnering public attention tended to fall into one of two categories. The first and most widely appreciated category was breaches obviously motivated by financial gain. The poster child for this category is the large-scale retailer breach, including the attacks on The Home Depot Inc., Target Corp., Neiman Marcus Group Ltd. LLC and others. Hackers penetrated these retailers' networks to steal financial and other personally identifying information and subsequently sell that information on the black market.

The second category involves breaches of U.S. government organizations orchestrated chiefly by foreign governments (along with state-affiliated criminal networks) in order to steal government secrets for military, intelligence, economic or other foreign policy gains. The most recent example of this type of breach was the brazen attack on the networks of the U.S. Office of Personnel Management, likely launched by hackers employed by or affiliated with the Chinese government, which compromised the personnel security files, including fingerprint records, of millions of current and former federal employees.