New EU Privacy Laws May Help US Privacy

On May 25, 2018, the European Union is implementing some privacy laws that may help to improve the security of US businesses. The new laws require any US company doing business in the EU to comply. Some US companies are complying completely, while others are building two compliances, one for the EU and another for the US. Still, the effect is likely to improve privacy protection overall, as the EU laws seem to be being adopted worldwide. 

These laws include tightening up the breach notification window to 72 hours of being discovered, giving users the right to request to see the data being held and have their data removed, and require the companies to have a data protection officer who will not be part of the operations and responsible for the compliance to the privacy laws. 

I’m sure there will be kinks that need to be worked out, but on the surface this looks hopeful. It is going to be difficult to get similar laws passed in the US, because of the structure of federal and state laws, but I’m encouraged that the amount of data breaches in the last few years, especially the Equifax breach last year, has raised the awareness among state and federal legislators to a point of action. 

This is a good related article:

Comments

Post a Comment

Popular posts from this blog

Equifax Provides More Details of Hacked Data

In a recent letter to several congressional committees, Equifax shared that out of the 146+ million records that were hacked in last year's breach: all contained consumers' dates of birth,  nearly all contained Social Security Numbers,  99 million had address information,  209,000 contained credit card data including expiration dates,  38,000 contained driver's license info, 3,200 contained passport information. While some identity fraud incidents have been traced back to the Equifax breach, most of these records have not yet been used in a fraud.  However, since the data is not likely to change (other than credit card info), it is assumed that eventually the stolen information will be sold in the dark web and misused.  Just a matter of time.  My advice: do what you can to minimize your exposure and certainly stay on top of your credit reports, but since things like passports, driver's licenses, and Social Security Numbers can be used in non-financial identity
Read more

Orbitz Reveals Breach Of 880,000

Orbitz, a division of Expedia, has announced it was hacked last October, 2017, revealing credit card information of 880,000 customers, including names, birth dates, mailing and email addresses, dated between January and June, 2016. The current Orbitz website was not hacked, according to the company. One article on the breach: http://www.zdnet.com/article/orbitz-says-hacker-stole-customer-data/
Read more

Should I Be Concerned About Criminal Identity Theft?

As I mentioned in a previous post, I've found that most people equate ID theft only with their finances -- their bank and credit accounts.  They don't see a need for paid protection services, relying instead on bank- or card- or insurance-provided free services.  Or they put fraud alerts on their credit report every three months. While useful, these free services rarely look beyond the finances or offer much in the way of restoration.  I advise people to get all of the reliable free coverage they can, but recognize their limitations, and understand that real identity theft is much more than their finances. Take for example something called criminal identity theft.  This is where someone pretends to be someone else, hiding their own identity, when caught in the act of a crime, such as illicit drug dealing or breaking and entering.  Often this is pulled off by first obtaining driver's license info either through direct theft or through a breach and then modifying it with
Read more