Senators roll out bipartisan data privacy bill
More states are passing their own data privacy rules.
Senator Amy Klobuchar (D-MN) has teamed up with a bipartisan group of senators to reintroduce the Social Media Privacy Protection and Consumer Rights Act, which would protect the privacy of consumer data collected by large tech platforms like Facebook and Google. The bill would force websites to grant users greater control over their data and allow them to opt out of data tracking and collection.
According to Erich Kron, security awareness advocate at KnowBe4, “While many of the measures in this bill are great, it would have to be seen how much impact they have in the real world. While explaining to people, even in plain terms, the types of data that are stored or collected by the platforms, this does not mean that people will understand the true risk it poses for them. Making people aware that the platform collects this data does not ensure that they will care.
The provision to require notification of a breach within 72 hours of it occurring sounds like a great idea, however, in practice that may not be enough time to assess the incident and provide meaningful information. For this reason, the initial notification is liable to be very limited in usefulness. In addition, the requirement to notify users within 72 hours of the breach occurring is flawed, as often organizations do not realize the breach occurred until long after that deadline has passed. Better wording would be to require notification within a timeframe after the breach is identified, not occurred.
There is the real possibility that the short notification window could hamper law enforcement actions as well, as oftentimes the breach is discovered while the attackers are still in the system. Once known, their actions could be tracked and even selectively blocked, giving responders an opportunity to attempt to identify the attackers. With a public breach announcement that soon, the attackers could be alerted, prompting them to cover their tracks and break off before meaningful forensics could be gathered.
This is a very complicated issue that will continue to grow as more digital information is collected across the multitude of new and existing social networks, which is why it is so important to ensure that the laws being proposed take into account the nuances and complexities of dealing with data breaches.”