Data Breaches & The Internet of Things

The explosive growth of Internet-connected devices, the Internet of Things (IoT), creates new attack pathways for hackers and expands the kinds of data that can be compromised. The question before policymakers is whether new laws are needed to protect consumers and to govern disclosure of data breaches.

At a May 10 American Bar Association event, Federal Trade Commission Associate Director for Privacy and Identity Protection Maneesha Mithal said that, on the consumer side, the "ubiquitous data collection" creates new risks for consumers, and the voluminous data creates "treasure troves for hackers." 

Naomi Lefkowitz, a senior privacy policy advisor at the National Institute of Standards and Technology, said, "there will be no perfect privacy," adding that communication and disclosure, based on standards, can help address privacy and security concerns.

Mithal said the new risks posed by IoT, such as companies not fully informing consumers about their data collection practices and not adequately securing consumer information, require legislative solutions.
"I do believe we need additional legislation to perform federal data security and data breach notification legislation that would apply across-the-board to all companies, including IoT," she said.

Currently, there is no single data breach notification standard that applies nationwide. US states create their own laws that cover their residents and businesses. Under the Obama administration, several efforts were initiated by the White House and in Congress to push a federal standard, but no new law resulted.

Ruth Hill Bro, former chair of the American Bar Association section of science and technology law, added that industry would likely support such legislation.
"A lot of companies would welcome having one federal benchmark" for security and data breach notification, rather than having to analyse 50 different ones, one for each state.

FCW:
