data-protection-regulations-secure-drive

GAO Backs Senators in the Push for Data Protection in the U.S.

After the European Union (EU) created its General Data Protection Regulation (GDPR), Senators and agencies alike have pressured the United States government to adopt their own internet privacy laws.

The GDPR is a list of security practices for businesses to follow. They include several regulations such as creating clear language in a “terms of use agreement” for data usage. They also require a company to report a data breach within 72 hours. One of the user-focused laws is the right for an individual to have data deleted from any third party. In contrast, the U.S. has no comprehensive internet privacy law that outlines how a consumer’s personal data is used.

United States Current Privacy Policies

The country as a whole currently has no internet privacy laws. According to the National Conference of State Legislatures, each state has its own privacy laws. Even so, not every state has legislation for every category. These include: Internet Server Providers (ISP) Privacy, Social Media Privacy Laws, and Statewide chief information security officers or (CISOS).

Last year, the Federal Communications Commission (FCC) created several rules to protect consumers. Some of these rules included:

  • allowing consumers to “opt-in” or “opt-out” of data collection
  • requiring companies to make notifications of a data breach
  • letting users know what personal information is being collected and how it is used

Only 26 states have created social media laws, which prohibit the access of a student or employee social media account. All 50 states have employed a CISOS who creates statewide policies and requires security training for employees. Another nationwide piece of legislation is the requirement to notify individuals of security breaches that involve personally identifiable information.

GAO Report Finds Holes in U.S. Policy

After several data breaches occurred, The Government Accountability Office (GAO) decided to take action. They completed a study about internet privacy that explored how the FCC and Federal Trade Commission (FTC) have overseen privacy. They also looked into what stakeholders thought were the strengths and weaknesses of privacy handling and what improvements could be made.

They found that the FTC filed over 100 enforcement actions regarding Internet privacy, but they ended up as settlement agreements. This leaves it to the company as to how they handle the violation, meaning policy makers are left out of the equation. As far as the stakeholder opinions, they identified three ways to increase privacy:

  • Creating a statute explaining what is and is not allowed for consumers, industries, and agencies alike
  • Enforcing fairness by having defined rules for everyone
  • Allowing the FTC to enact civil penalties for first-time violations of the FTC Act

Recommendations for Consumer Protection

The overall solutions that the GAO came up with based on their research are basic ways for the U.S. to create a solid internet privacy policy. They recommend that Congress develop legislation on Internet privacy that would protect the consumer and allow for room to evolve. Another point was to figure out what type of authority figures agencies need to oversee privacy and rulemaking.

The conclusion of their report stated, “…there is no comprehensive federal privacy statute with specific standards…Comprehensive legislation addressing Internet privacy that establishes specific standards and includes APA notice-and-comment rulemaking and first-time violation civil penalty authorities could help enhance the federal government’s ability to protect consumer privacy… and provide better assurance to consumers that their privacy will be protected.”

How to Secure Your Information

The GDPR-style privacy that is recommended can be difficult to obtain. We at Secure Data have created a product that is GDPR compliant, FIPS 140-2 certified, and Privacy Shield Certified. Our line of SecureDrives are hardware encrypted to eliminate data leaks and come preloaded with DriveSecurity Antivirus protection.

The KP model has a wear-resistant pad so potential hackers won’t be able to figure out the most commonly used keys. After ten consecutive incorrect PIN attempts, the data is wiped from the drive. The BT model of the SecureDrive puts data control in the hands of the user. Your drive will only unlock when you use the app on your phone and you can delete data and reset your password remotely using the same app. Other features include geo-fencing and time-fencing restrictions to limit who has access to your personal data.

Many organizations don’t even know that GDPR regulations exist, but the consequences are substantial. For each incident violating the regulations, you will have to pay between two and four percent of the worldwide annual revenue for the whole organization. SecureDrives ensure that your company is GDPR compliant and your data remains secure. Call 1-800-875-3230 with any questions.