2019 Trends Concerning Cybersecurity And Data Privacy Policy

Every New Year brings new trends of development in the cybersecurity and data privacy policy. The state legislatures have tightened the noose for the organisations and decided to keep the ball rolling for privacy policies. Likewise, in 2018 the state lawmakers passed the data breach notification law. State governments are now initiating towards the laws to protect the personal information of their occupants.

Washington is now complying with California Consumer Privacy Act. It is the second state to espouse the privacy law and following consumer rights principles. These principles are there in the European Union’s General Data Protection Regulation (GDPR). However, in the absence of the current data privacy policy deployed by government, businesses may find it challenging to stay abreast the compliance requirements.

Cybercriminals and their targets

Criminal behaviour is often described as a function of opportunity and risk, balancing the value a potential victim offers against the criminal’s perception that a victim is a natural or difficult target. However, unlike traditional crimes, cybercrime does not require physical proximity between the attacker and the victim.

The practical nature of cybercrime provokes criminals to commit crimes in several locations in a row. Therefore, criminals launch viruses like ransomware and attack the information of an individual in multiple states. They unlock the infected computer by demanding $100 and vanishes thousands of dollars per day. On the other hand, Ryuk which is “a big game hunting” threat which is yet another aspect of cybercrime spectrum. Ryuk put pressure on large scale companies with high ransoms.

Pennsylvania Supreme Court Decision

The Pennsylvania Supreme Court stated that the Univ. of Pittsburgh Medical Center failed safeguarding employees’ personal information. The information stored on an internet- accessible computer system. It took place in late November 2018; hence the Court also permitted the plaintiffs to cover up economic damages under the state’s economic loss. It was applying an existing law duty to a new factual scenario which is opposite to creating a new duty of care, the court added. Moreover, the employees must provide personal information to employers as a condition of employment. The employers must protect the data.

Illinois Supreme Court and consumer biometric data

The Illinois Supreme Court unanimously held last week. It made it clear that individuals do not need to prove damages to sustain a private right of action under the Illinois Biometric Information Privacy Act. In case, a company flunks to comply with the statute’s requirements. Then, the authority takes care of an individual’s privacy rights in their biological information.

The GDPR enforcement fines will influence the US

In 2018, the first UK’s Information Commissioner’s Office (ICO) took action against Canadian-based AggregateIQ (AIQ) for GDPR enforcement. The ICO ordered the AIQ to remove all the personal data stored on its network, of the residents within the UK. In the case of mutiny, a company will pay a fine of €20 million Euros. In January 2019 France’s La Commission Nationale de L’Informatique et des Libertes (CNIL) fined Google €50 million Euros. Until now the fine on Google is the most substantial GDPR penalty.

Conclusion

As compared to the early years, the data storage capacities have increased, but the costs are decreasing. But with data breach and expanding liabilities, companies are required to reassess their data handling practices. Cybersecurity and data privacy are not easy challenges. But resources exist to help companies navigate through the process and respond to threats.

Leave a Reply

Your email address will not be published. Required fields are marked *