While exposing us to financial catastrophe, tech corporations are profiting billions from our personal data. We frequently pay for their errors when our information is stolen.
Big businesses have utilized our data to create business models, frequently without telling us who has access to it or how it is being used. With little any monitoring, they have appointed themselves as stewards of our data, taking responsibility for breaches because the repercussions are absurd. Cybercriminals create billions, they get rich, and we are left in the dark.
Criminals ruin people’s life by stealing government benefits and using stolen information to create fictitious credit lines. Over one in five Americans will experience identity theft at some point in their lives. In addition to spending 200 to 600 hours of their lives attempting to regain their identity, victims lose an average of $1,500 to $4,800, according to the FTC. Some never fully recover and are subject to denials of credit applications, erroneous arrests, and no-fly lists.
A breach that compromised between 2.7 billion and 2.9 billion personal details was disclosed by consumer data broker National Public Data (NPD) on August 16. Most Americans, if not all of them, may be impacted by this breach. What a betrayal of confidence.
Although the Gramm-Leach-Bliley Act of 1999 guarantees data security for financial organizations, no laws adequately govern other kinds of businesses. Public corporations are held accountable by the SEC, but enforcement is lax and fines are sometimes less expensive than putting strong security measures in place. These self-appointed defenders of our data have little incentive to go to great lengths to keep us safe if there are no serious repercussions.
On the other hand, personal data is legally defined as individual property under the General Data Protection Regulation (GDPR) of the European Union. GDPR guarantees data protection by design and is an outcome-focused framework. Cisco s 2023 Cybersecurity report indicates that data breaches have decreased by 40% in companies adhering to GDPR policies.
The ambiguity of GDPR’s security obligations is one of its main criticisms. Although it does not specify how they should do so, it requires that enterprises maintain data security. Businesses are pleading with the EU for more precise rules to reduce their responsibility.
Data protection continues to be overlooked in the absence of substantial financial repercussions for breaches. Cybersecurity incidents are common, yet individuals often can t identify the source of their identity theft, leaving them without legal recourse.
Although lawmakers are unable to enact a comprehensive solution, they can have an impact that is greater than the expense of appropriate security measures. The severity of the penalties should be commensurate with the size of the organization and the possible harm. This would encourage insurance companies to scrutinize cybersecurity practices more closely.
A three-strikes system could escalate penalties or ban data collection based on the frequency and severity of violations. Real risks must be introduced for organizations that cause widespread financial chaos for Americans.
Outcome-based regulation is more effective than prescriptive regulation. Instead of outdated checklists that companies use to hide behind compliance, this approach encourages ongoing improvement and innovation in security practices. It forces them to take their responsibilities seriously.
In this digital age, our identities have become commodities, carelessly guarded by those we trust. We often don t know who has our information until it s too late when our credit is ruined and our reputations destroyed. We must demand more than symbolic gestures while being thrown to the criminal wolves.
It s time for Congress to enact comprehensive, outcome-based data protection legislation that prioritizes Americans digital identities and financial futures. Our data is our personal property; it s time our laws reflected that reality.
Devin Jones is chief operating officer of cybersecurity company Active Cypher.
Note: Thank you for visiting our website! We strive to keep you informed with the latest updates based on expected timelines, although please note that we are not affiliated with any official bodies. Our team is committed to ensuring accuracy and transparency in our reporting, verifying all information before publication. We aim to bring you reliable news, and if you have any questions or concerns about our content, feel free to reach out to us via email. We appreciate your trust and support!
