Heads Up! New Privacy Laws - Cybersecurity & Data Management

Are Governments Finally Getting Around to Data Privacy and Security? 

If you feel like big tech has been all over the news lately, you would be right. There have been multiple cases in 2019 regarding big tech companies’ market share, as well as their power over users’ data. In 2019, technology has become an integral part of every aspect of our lives. And what does that mean? There is a lot of data to keep track of. For that reason, governments are finding it necessary to regulate how that data is used and taken care of.

Privacy

Policy is catching up to big tech, as government tries to defend its citizens’ privacy. The latest news is from Facebook, which agreed to pay the largest fine the FTC has ever served–$5 billion–after a policy oversight came to light. Trump’s first loan is starting to look like chump change (that never gets old).

Lawmakers are seeing the necessity of enacting data privacy laws to protect Americans from the monopoly that large technology companies–like Google and Facebook–currently have on user data. 2.41 billion users sign on to Facebook each month–that is a lot of data. And in previous years, little had been said about what companies couldn’t do with user information. Recently, policymakers have been working to enact laws that prohibit free rein over user data, and some states have succeeded in laying down basic privacy laws. To get the ball rolling, the EU passed the GDPR a little over one year ago, which has given other governments a foundation on which to build their own privacy laws, copying sections to their liking. Steep fines for policy violations and the customer’s right to access and delete their data are among the points that governments are looking to copy.

We are starting to see the federal government take larger steps towards data privacy policies, as when the FTC fined Facebook. The $5 billion fine is the largest penalty for privacy and security reasons in the world, nearly 20x more than the next largest fine. With a record-breaking fine, it looks like the federal government may be taking a more forward position in the regulation of IT services.

Security

Governments are also looking to establish data security policies, to encourage more accountability from companies to their customers. In early 2019, a bug was discovered in Zoom’s software (a video-conferencing service), and the engineer who discovered the issue contacted Zoom. However, it took Zoom over 3 months to release an update, leaving customer information vulnerable to fraudsters for far too long. Incidents like this are why governments feel the need for policy on data security.

One of the first states to pass a law on software management was California. This law pertains specifically to Internet of Things (IoT) devices, because the companies that make them are notorious for neglecting software updates after the initial purchase. Quality control departments are frequently underfunded, making troubleshooting processes superficial at best and slow to discover bugs. Additionally, the longer software is alive, the more complicated it becomes (because of the number of users, the updates needed to stay compliant with other software, etc.), so companies need to continually divert more funds to support it. New security laws that define penalties would encourage companies to allot more of their budgets to troubleshooting and patching bugs, and to continue allocating money as the project becomes more complex.

Consider the Capital One data breach. The hacker was able to gain access to over 100 million customers’ financial information because of a server misconfiguration. If Capital One had been more careful, a lot of private financial information could have been spared, including 140,000 SSNs. Now, Congress is asking for an explanation. Depending on their findings, Capital One or Amazon (who hosted the server) could face substantial fines.

What does this mean for you?

Getting ahead of the game could be good for your company in two ways: 1) it will save you money on fines you would receive for not being in compliance, and 2) it will increase your customer ratings.

One of the best ways to integrate privacy and security policies into company processes is with a ground-up approach. If you have implemented them from the beginning, it will be much easier to build upon and expand them later, whether that is in the software you are creating or the service you are providing.

 
