The Digital and Cyberspace Policy Program has launched a new Cyber Brief. This one examines policy responses to massive data breaches. The brief was written by Nuala O’Connor, president and CEO of the Center for Democracy and Technology.
Half of all Americans believe their personal information is less secure now than it was five years ago, and a sobering study from the Pew Research Center reveals how little faith the public has in organizations, whether governmental or private-sector, to protect their data. There are good reasons for the lack of trust. The year 2017 brought a disastrous breach at Equifax, Yahoo’s admission that billions of its email accounts were compromised, Deep Root Analytics’ accidental leak of personal details of nearly two hundred million U.S. voters, and Uber’s attempt to conceal a breach that affected fifty-seven million accounts. Individuals are left stymied about what action they can take, if any, to protect their digital assets and identity.
O’Connor argues that record-shattering data breaches and inadequate data-protection practices have produced only piecemeal legislative responses at the federal level, competing state laws, and a myriad of enforcement regimes that fail to adequately protect data. In contrast, other Western countries have already adopted comprehensive legal protections for personal data. While the default policy response to a large breach has often been a call for a national breach notification law, O’Connor makes the case that it is past time for Congress to create a single legislative data-protection mandate to protect individuals’ privacy and reconcile the differences between state and federal requirements.
You can find the full brief here.