Posted by: Ben Cole
CIO, Data Security, online privacy
A few weeks ago in this space, I wondered if increased scrutiny of Google’s business practices was just the beginning of the federal government’s efforts to regulate the Internet. Judging by a handful of news stories and announcements last week, online data security and online privacy concerns have shot to the top of at least some lawmakers’ lists of concerns.
For starters, Sen. Richard Blumenthal (D-Conn.) introduced the Personal Data Protection and Breach Accountability Act of 2011. The legislation is designed to protect consumers’ personally identifiable information and improve online data security.
The bill would create a process for companies to establish appropriate online data security, and it would hold companies accountable for failing to comply with those plans. In what may be spurred by Sony’s slow response to a huge data breach earlier this year, Blumenthal’s bill also requires companies to promptly notify consumers after a breach has occurred, and to provide consumers with solutions to alleviate online security threats.
To help prevent future breaches, the bill encourages better information-sharing among federal agencies, law enforcement and the private sector to alert businesses to specific online security threats.
Also last week, an Op-Ed piece in The New York Times highlighted an upcoming Supreme Court case that could have huge ramifications for online privacy. This time, though, the question is how much information the government should have access to.
The case, United States v. Antoine Jones, concerns a GPS device placed on the car of a suspected drug dealer without a warrant, which the man says was a violation of the Fourth Amendment.
“If the court rejects his logic and sides with those who maintain that we have no expectation of privacy in our public movements, surveillance is likely to expand, radically transforming our experience of both public and virtual spaces,” wrote Jeffrey Rosen, a law professor at George Washington University.
Rosen pointed out that technologies such as Facebook’s facial-recognition tool could be used by law enforcement to help identify criminals. Rosen also referenced a 2008 comment from a Google executive saying that, within a few years, public agencies and private companies could be asking Google to post live feeds from public and private surveillance cameras all around the world.
“If the feeds were linked and archived, anyone with a Web browser would be able to click on a picture of anyone on any monitored street and follow his movements,” Rosen wrote in The New York Times piece.
These news items were among a handful reporting on online data security regulations in the past week. Here are some others:
- The Federal Trade Commission announced it is seeking public comment on proposed amendments to the Children’s Online Privacy Protection Rule, which gives parents control over what personal information websites may collect from children under 13. The amendments are aimed at keeping pace with new technology and devices that give children Internet access.
- Connecticut Attorney General George Jepsen announced the creation of a task force to investigate Internet privacy and data breaches while educating the public and businesses about data protection.
- On Thursday, the House subcommittee on Commerce, Manufacturing, and Trade held the first of a series of hearings to address online privacy. The hearing examined the European Union’s privacy and data collection regulations and how they have affected the Internet economy. Some have expressed concern that limiting the tracking of Internet users (as is done in the EU) could dramatically hurt online marketing effectiveness.
Federal online privacy concerns and the increased government involvement in online data security may be warranted, at least according to a new PricewaterhouseCoopers survey of 9,600 security executives. The survey found that 43% of global companies think they have an effective information security strategy in place and are proactively executing their plans. However, only 16% of respondents say their organizations are prepared and have security policies that are able to confront an advanced persistent threat attack, creating more online data security concerns.
It appears that most people with a stake in the game are at least aware of the severity of online security threats. Perhaps a combination of legal regulations and private efforts surrounding online data security could have the movement heading in the right direction.