Data Breaches & The Internet of Things

The explosive growth of Internet-connected devices, the Internet of Things (IoT), creates new pathways for attack for hackers, and expands the possibilities of the kinds of data that can be compromised. The question before policymakers is whether new laws are needed to protect consumers and to govern disclosure of data breaches.

At a May 10 American Bar Association event, Federal Trade Commission Associate Director for Privacy and Identity Protection Maneesha Mithal said that, on the consumer side, the "ubiquitous data collection" creates new risks for consumers, and the voluminous data creates "treasure troves for hackers." 

Naomi Lefkowitz, a senior privacy policy advisor at the National Institute of Standards and Technology, said, "there will be no perfect privacy," adding that communication and disclosure, based on standards, can help address privacy and security concerns.

Mithal said the new risks posed by IOT, such as companies' not fully informing consumers about their data collection practices and not adequately securing consumer information, require legislative solutions.
"I do believe we need additional legislation to perform federal data security and data breach notification legislation that would apply across-the-board to all companies, including IOT," she said.

Currently, there is no single data breach notification standard that applies nationwide. US states create their own laws that cover their residents and businesses. Under the Obama administration, several efforts were initiated by the White House and in Congress to push a federal standard, but no new law resulted.

Ruth Hill Bro, former chair of the American Bar Association section of science and technology law, added that industry would likely support such legislation.
"A lot of companies would welcome having one federal benchmark," for security and data breach notification rather than having to analyse 50 different ones for each state.

FCW:

You Might Also Read: 

Internet of Things Is The Next Big Security Risk:

Internet of Things Will Drive The Digital Revolution of Industry:

Internet of Insecure Things:

 

 

 

« US Reduces Crime Rates Using Effective IT
Industrial Robots Are A Security Weak Link »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CERT-PY

CERT-PY

CERT-PY is the national Computer Emergency Response Team for Paraguay.

Namogoo

Namogoo

Namogoo’s disruptive technology identifies and blocks unauthorized product ads that are injected into customer web sessions by client-side Digital Malware.

Sternum

Sternum

Sternum provides reliable and effective endpoint security for any IoT device, using robust technology and seamless integration.

Keynetic Technologies

Keynetic Technologies

Keynetic focuses on developing cybersecurity solutions for Industry 4.0.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

Qohash

Qohash

With a focus on data security, Qohash supports security, compliance and optimization use cases enhancing your risk management process.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

CyberAcuView

CyberAcuView

CyberAcuView is a company dedicated to enhancing cyber risk mitigation efforts across the insurance industry.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

Silicon Labs

Silicon Labs

Silicon Labs are a leader in secure, intelligent wireless technology for a more connected world. We provide award-winning hardware and software security to help safeguard connected devices.

Global Cybersecurity Association (GCA)

Global Cybersecurity Association (GCA)

GCA’s Symposium and conferences featuring global thought leaders and CISOs provide a global best practice perspective on cybersecurity.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

Nanitor

Nanitor

Nanitor is a powerful cybersecurity management platform focusing on hardening security fundamentals across your global IT infrastructure.

WheelHouse IT

WheelHouse IT

WheelHouse IT secures, manages, and advances businesses with innovative, cost-effective IT solutions.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Stack Overflow

Stack Overflow

Founded in 2008, Stack Overflow’s public platform is used by nearly everyone who codes to learn, share their knowledge, collaborate, and build their careers.