Cybercriminals and their targets
Criminal behaviour is often described as a function of opportunity and risk, balancing the value a potential victim offers against the criminal’s perception that a victim is a natural or difficult target. However, unlike traditional crimes, cybercrime does not require physical proximity between the attacker and the victim.
The practical nature of cybercrime lets criminals commit crimes in several locations in a row. Criminals launch malware such as ransomware and attack the information of individuals in multiple states. They demand $100 to unlock an infected computer and make off with thousands of dollars per day. At the other end of the cybercrime spectrum is Ryuk, a “big game hunting” threat that puts pressure on large-scale companies with high ransoms.
Pennsylvania Supreme Court Decision
The Pennsylvania Supreme Court stated that the Univ. of Pittsburgh Medical Center failed to safeguard employees’ personal information, which was stored on an internet-accessible computer system. It took place in late November 2018; the Court also permitted the plaintiffs to recover economic damages under the state’s economic loss doctrine. The court added that it was applying an existing legal duty to a new factual scenario, as opposed to creating a new duty of care. Moreover, employees must provide personal information to employers as a condition of employment, and the employers must protect that data.
Illinois Supreme Court and consumer biometric data
The Illinois Supreme Court unanimously held last week that individuals do not need to prove damages to sustain a private right of action under the Illinois Biometric Information Privacy Act when a company fails to comply with the statute’s requirements. In that case, the authority steps in to protect an individual’s privacy rights in their biological information.
The GDPR enforcement fines will influence the US
In 2018, the UK’s Information Commissioner’s Office (ICO) took its first GDPR enforcement action, against Canadian-based AggregateIQ (AIQ). The ICO ordered AIQ to remove all personal data of UK residents stored on its network. In the case of non-compliance, a company will pay a fine of €20 million. In January 2019, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) fined Google €50 million. To date, the fine on Google is the most substantial GDPR penalty.
Compared with earlier years, data storage capacities have increased while costs are decreasing. But with data breaches and expanding liabilities, companies are required to reassess their data handling practices. Cybersecurity and data privacy are not easy challenges, but resources exist to help companies navigate the process and respond to threats.