Privacy Regulations — Are They Really Working to Protect Your Data?

Data breaches are happening at an alarming rate. The first half of 2019 saw 4.1 billion compromised records, with the business sector accounting for 67% of the reported breaches and 84.6% of exposed records.

People are starting to take the protection of their own digital identities more seriously.

According to a recent privacy survey, 81% of consumers are more concerned about how companies use their data and 89% say companies should be clearer about how their products use data.

This is why more than 80 countries and regions have adopted comprehensive data protection laws and others will soon follow. But are these laws really working to keep the massive amounts of personal data from falling into the wrong hands?

Regulations like GDPR and the California Consumer Privacy Act (CCPA) are developed with the intent to protect the privacy of consumers in an age where social media and other digital footprints are making it harder to keep that personal information safe and secure.

There are two interesting factors in play that exempt companies from disclosing what they plan to do with the consumer data they collect in certain situations.

Exemptions

In section 1798.105(d), CCPA states, “a business or service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the customer’s personal data in order to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.”

The statement appears to exempt anyone in cybersecurity from the request if they can prove the data is required for one of those activities.

Items within certain security platforms that leverage the device and user identity for detection can operate under this exclusion, which is something both the security vendor and customer should, therefore, be cognizant of.

Services Provided

Additionally, section item 1798.105(3) of CCPA states that a business shall not be required to comply with the act if it provides a service to “debug to identify and repair errors that impair existing intended functionality.”

Read that statement again, please!

It opens another huge exception for businesses that debug or repair devices. It appears they are removed from any responsibility to destroy or delete the data after any period of time.

Another implication of this “law” ties into the consumer’s right to repair. Consider a consumer who has their private data stored on a personal device but modifies or repairs that device in some way that leaves the device susceptible to attack or breach.

Who is responsible? The manufacturer or the consumer?

CCPA does not provide guidance on this, leaving ambiguity and potential loopholes.

While businesses may comply within these exemptions and services loopholes, that shouldn’t exclude them from the basic ethical obligation they have to inform their customers on what they plan to do with their data.

And these exemptions aren’t winning any favors with consumers, which is why nearly half of Americans don’t trust the government or social media sites to protect their data.

While governments are attempting to help by enacting privacy legislation, consumers must take the protection of their privacy into their own hands by following a few basic guidelines.

Don’t Open that Link

Phishing attempts have grown 65% in the last year and those attacks account for 90% of data breaches. And attackers are finding new ways to make their phishing scams even harder to detect.

An example shows how these attacks are now happening in real-time. The bad actor pretends to be someone the user knows and claims to have limited cellphone reception, so a confirmation call is not possible. The victim then helps, which leads to handing over sensitive data to the attacker.

While phishing is getting harder to detect, there are ways to defend against it.

For instance, if there is a request to click on a link, CHECK to see if there are any misspellings or weird characters in the URL.

In these cases, it’s a safe bet you can just delete the email (and link) right away.

Make it a habit to avoid clicking on links sent to you via email or social media solutions – especially those from your bank, utility companies, social networks, etc.

Instead, go to the source, type out the URL in the browser and log in there.
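The URL check described above, as an added example that is not part of the original article: a short Python function that flags hosts containing non-ASCII or punycode characters and hosts that are near-misspellings of domains the reader actually uses. The `TRUSTED` list, the function names and the sample URLs in the comments are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of domains the reader really uses (constructed for this example).
TRUSTED = ["paypal.com", "google.com", "facebook.com"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str, trusted=TRUSTED) -> list[str]:
    """Return the reasons a link looks suspicious (empty list = nothing flagged)."""
    reasons = []
    host = (urlsplit(url).hostname or "").rstrip(".")
    # "Weird characters": letters from other alphabets, or their punycode encoding.
    if not host.isascii():
        reasons.append("non-ASCII characters in host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (internationalized) label in host")
    # An exact trusted domain, or a subdomain of one, needs no lookalike check.
    for good in trusted:
        if host == good or host.endswith("." + good):
            return reasons
    for good in trusted:
        # Compare the last labels of the host with the trusted name.
        tail = ".".join(host.split(".")[-good.count(".") - 1:])
        if 0 < edit_distance(tail, good) <= 2:
            reasons.append(f"looks like a misspelling of {good}")
        elif good.split(".")[0] in host:
            reasons.append(f"uses the name of {good} on a different domain")
    return reasons

# Constructed sample links:
#   check_link("https://www.paypal.com/signin")  -> nothing flagged
#   check_link("https://paypa1.com/signin")      -> misspelling of paypal.com
```

A link that passes this check is not proven safe; typing the address yourself, as advised above, remains the stronger habit.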

Multi-Factor Authentication

Multi-factor authentication is one of the easiest ways to protect one’s information, yet many consumers don’t know this capability exists. With multi-factor authentication, a user is asked to provide two or more pieces of information for logging into his/her devices.

For example, along with providing a password, an individual can arrange to have a code sent to their device before access is granted. When you log in this way, if an unauthorized third-party somehow steals the password, they still can’t log into the account because they won’t receive the follow-up mobile text code.

Many consumer services like Google and Facebook support this capability and individuals are well-advised to use this extra security.

Multiple Passwords

People still fall victim to bad password habits despite the incentives to avoid them.

Using unique passwords for all accounts helps ensure hackers only gain access to the one system associated with that password.

You can check sites like haveibeenpwned.com to determine if your information was lost in a breach.

Please use different passwords for every account — whether it’s for business or personal use.

I know it’s a pain in the butt — however, the longer the password, the better. Password manager applications can then help you store all of these passwords securely and protect them with multi-factor authentication.

There is no one sure-fire way to ensure that the billions of global data records remain protected.

Privacy regulations are a first (and much needed) step in the right direction. However, it’s up to everyone – including consumers – to do their part in protecting their personal identities online.

Jason Bevis
Editor

Jason is the vice president of Awake Security Labs at Awake Security, the only advanced network traffic analysis company that delivers answers, not alerts. He has extensive experience in professional services, cybersecurity MDR solutions, incident response, risk management and automation products. Jason has worked for top security companies such as Cylance, FireEye-Mandiant, Foundstone-McAfee and KPMG Consulting. With over 20 years’ experience, he is a veteran of multiple startups that have been public. He is also a member of the InfoTech Research Group hall of fame, a cybersecurity advisor to the Rutgers Certificate program and has served as a forensics judge…
