THE IT SECURITY PROFESSIONAL
Barlowtek
The IT Security Pro
Helping Organizations Understand IT Security & Best Practices
Is it time to rethink user data security in the U.S.?

As we move closer to the enforcement of the General Data Protection Regulation (GDPR) standard on May 25, companies and organizations that do business in the European Union (E.U.) are required to implement its controls. Larger organizations are working feverishly to implement the standards and to work out how they will allow consumers to access their data. Implementing these controls can be a daunting task, but in the name of consumer protections, they are all doing it. Is it time for the adoption of these same regulations here in the U.S.?

Behind the Curve

When it comes to data security, everyone knows that the U.S. is behind the curve on adopting protections for consumers. While most of the world adopted the EMV (Europay, MasterCard, and Visa) standard for payment card processing, the U.S. lagged behind in its implementation and adoption. It has only been over the last year or so, with the included requirements for PCI (Payment Card Industry), that we have seen a steady increase in the number of providers.

Protections Built In

GDPR will provide a number of protections for users who provide their personal information to companies or organizations that do business in Europe. Here are some of the highlights:
Social Media GDPR
As was brought up numerous times during the hearings in Congress this week, GDPR is currently being looked at for adoption here in the U.S. as well. It has been one of the biggest failures that Facebook and their CEO, Mark Zuckerberg, have been allowed to regulate themselves. When asked about the need for regulations, he even agreed that they are needed. The only issue is who needs to adopt them, Congress or the industry? The consensus is that the industry has failed to do so, so it will be up to Congress to implement new regulations.

Social media has been an industry that continues to collect and use customer data with very little, if any, accountability to the individuals that provide it. A GDPR-type regulation may change that paradigm and create an industry that is more responsive to the needs of its users. We all should have the rights that are afforded under GDPR; it is just sad that the E.U. is the one to show us that we needed it.

Regulations Needed

When consumers are given control of their data and protections are put into place to safeguard that information, everyone wins. We all win in that our data is taken more seriously by the organizations that use it for their own benefit. This is also true for businesses that have to enforce the controls. Businesses will have to get their houses in order and do the right thing when it comes to protecting our data. If an organization does not have a regulation making it do what is best for the consumer, maybe it's time for Congress to act and make it happen.

Summary

While regulations can cost an organization time and effort to enforce, they are needed in order to protect the personal data of its customers. Numerous businesses have gotten off the hook by not having to answer to the consumer who has had their data compromised. Sure, their reputations may have been impacted, and they may have had to face some sort of fine, but they got out unscathed for the most part.

However, the consumer has had to fight to regain control of their information and to correct the misuse of that information by identity thieves. A regulation that puts the control and use of a consumer’s information back into the hands of the consumer is a good thing. Moreover, Congress should look at ways to implement regulations similar to GDPR, while also making sure that they have the teeth needed for enforcement.

References

EUGDPR.org https://www.eugdpr.org/
PCI https://www.pcisecuritystandards.org/
Mr. Zuckerberg's image by Reuters. https://www.reuters.com/
IT Security Pro

Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.