Data Breaches & The Internet of Things

The explosive growth of Internet-connected devices, the Internet of Things (IoT), creates new pathways for attack for hackers, and expands the possibilities of the kinds of data that can be compromised. The question before policymakers is whether new laws are needed to protect consumers and to govern disclosure of data breaches.

At a May 10 American Bar Association event, Federal Trade Commission Associate Director for Privacy and Identity Protection Maneesha Mithal said that, on the consumer side, the "ubiquitous data collection" creates new risks for consumers, and the voluminous data creates "treasure troves for hackers." 

Naomi Lefkowitz, a senior privacy policy advisor at the National Institute of Standards and Technology, said, "there will be no perfect privacy," adding that communication and disclosure, based on standards, can help address privacy and security concerns.

Mithal said the new risks posed by IOT, such as companies' not fully informing consumers about their data collection practices and not adequately securing consumer information, require legislative solutions.
"I do believe we need additional legislation to perform federal data security and data breach notification legislation that would apply across-the-board to all companies, including IOT," she said.

Currently, there is no single data breach notification standard that applies nationwide. US states create their own laws that cover their residents and businesses. Under the Obama administration, several efforts were initiated by the White House and in Congress to push a federal standard, but no new law resulted.

Ruth Hill Bro, former chair of the American Bar Association section of science and technology law, added that industry would likely support such legislation.
"A lot of companies would welcome having one federal benchmark," for security and data breach notification rather than having to analyse 50 different ones for each state.

FCW:

You Might Also Read: 

Internet of Things Is The Next Big Security Risk:

Internet of Things Will Drive The Digital Revolution of Industry:

Internet of Insecure Things:

 

 

 

« US Reduces Crime Rates Using Effective IT
Industrial Robots Are A Security Weak Link »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Tresorit

Tresorit

Tresorit helps teams to collaborate securely and easily by protecting their data with end-to-end encryption.

CrowdStrike

CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks.

DataLocker

DataLocker

DataLocker offers both hardware based external storage and software based cloud storage encryption solutions.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

Bright Machines

Bright Machines

Bright Machines delivers intelligent, software-defined manufacturing by bringing together our flexible factory robots with intelligent software, production data and machine learning.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

AU10TIX

AU10TIX

AU10TIX’s smart forensic-level ID authentication technology links physical and digital identities, meets compliance mandates, and ensures your customers know their trust and safety come first.

Voodoo Security

Voodoo Security

Voodoo Security is a specialized information security consulting firm focused on security assessments, risk and compliance analysis, and cloud security.

R3I Ventures - House of DeepTech

R3I Ventures - House of DeepTech

The House of DeepTech is an incubator for deeptech entrepreneurs that are transforming global industries. Areas of interest include cybersecurity.

Futurae Technologies

Futurae Technologies

Futurae - enabling trust and invisible security for your users on all devices and applications. Strong customer authentication (SCA) made easy.

Mr Backup (MRB)

Mr Backup (MRB)

MRB offers Data Protection as a Service for businesses looking to reduce the time, cost and complexity of securing your company data.

Gatefy

Gatefy

Getfy is a cybersecurity company specialized in artificial intelligence and machine learning. We work to solve challenging issues, especially those involving email security.

IONOS

IONOS

IONOS is a leading provider of cloud infrastructure, cloud services, and hosting with more than 8.5 million customers contracts.

Turk Telekom

Turk Telekom

Turk Telekom is the first integrated telecommunications operator in Turkey.

Bastazo

Bastazo

Bastazo provides tools for vulnerability and patch management. Focus your cybersecurity operations on vulnerabilities with the highest risk of exploitation.

CipherStash

CipherStash

CipherStash is a complete data governance and breach prevention platform.