Data Breaches & The Internet of Things

The explosive growth of Internet-connected devices, the Internet of Things (IoT), creates new pathways for attack for hackers, and expands the possibilities of the kinds of data that can be compromised. The question before policymakers is whether new laws are needed to protect consumers and to govern disclosure of data breaches.

At a May 10 American Bar Association event, Federal Trade Commission Associate Director for Privacy and Identity Protection Maneesha Mithal said that, on the consumer side, the "ubiquitous data collection" creates new risks for consumers, and the voluminous data creates "treasure troves for hackers." 

Naomi Lefkowitz, a senior privacy policy advisor at the National Institute of Standards and Technology, said, "there will be no perfect privacy," adding that communication and disclosure, based on standards, can help address privacy and security concerns.

Mithal said the new risks posed by IOT, such as companies' not fully informing consumers about their data collection practices and not adequately securing consumer information, require legislative solutions.
"I do believe we need additional legislation to perform federal data security and data breach notification legislation that would apply across-the-board to all companies, including IOT," she said.

Currently, there is no single data breach notification standard that applies nationwide. US states create their own laws that cover their residents and businesses. Under the Obama administration, several efforts were initiated by the White House and in Congress to push a federal standard, but no new law resulted.

Ruth Hill Bro, former chair of the American Bar Association section of science and technology law, added that industry would likely support such legislation.
"A lot of companies would welcome having one federal benchmark," for security and data breach notification rather than having to analyse 50 different ones for each state.

FCW:

You Might Also Read: 

Internet of Things Is The Next Big Security Risk:

Internet of Things Will Drive The Digital Revolution of Industry:

Internet of Insecure Things:

 

 

 

« US Reduces Crime Rates Using Effective IT
Industrial Robots Are A Security Weak Link »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Security Compass

Security Compass

Security Compass, the Security by Design Company, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows.

Japan Information Security Audit Association (JASA)

Japan Information Security Audit Association (JASA)

JASA is non-profit association active in developing and managing the quality of Information Security Auditing and Auditors in Japan.

Immersive Labs

Immersive Labs

Immersive Labs have created a kinesthetic learning platform which identifies gaps in your teams cyber skills.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

BlueKrypt

BlueKrypt

BlueKrypt is a consulting firm for the security of IT systems and their management.

OcuCloud

OcuCloud

OcuCloud protects businesses' valuable information in the cloud, preventing security breaches caused by employees and remote vendors.

Veriff

Veriff

Veriff provides highly-automated identity-verification services that prevent fraud like nothing else on the market.

ReconaSense

ReconaSense

ReconaSense helps protect people, assets, buildings and cities with its next-gen access control and converged physical security intelligence platform.

Open Raven

Open Raven

Open Raven is the cloud native data security platform that prevents breaches driven by modern speed and sprawl. Restore full visibility and regain control within minutes, without agents.

NexGenT

NexGenT

NexGenT have combined military-style training with decades of network engineering and cyber security experience into an immersive program to get people into cyber security fast and effectively.

AVANTEC

AVANTEC

AVANTEC is the leading Swiss provider of IT security solutions in the areas of cloud, content, network and endpoint security.

Digital Silence

Digital Silence

Digital Silence is a world-class provider of information security research and consulting services.

Resourcive

Resourcive

Resourcive is the first Value Added Sourcing “VAS” consultancy. We deliver strategic IT sourcing solutions to mid-market and enterprise clients.

CyberFOX

CyberFOX

CyberFOX is a global cybersecurity solutions provider focused on identity access management (IAM) for managed service providers (MSPs) and IT professionals.

Xeol

Xeol

Software free of vulnerabilities, built and distributed by trusted entities. Our mission is to help customers secure their software from code to deploy.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.