Regulating Data Collectors
Companies and other agencies gathering people’s data creates vulnerabilities that hackers are all too eager to exploit. Whether it’s for targeted advertising or selling to third parties, data has become a most valuable commodity. You can’t go a day without hearing about a data breach in the news, be it aimed at a school, business or government agency. Against such a background does the Consumer Financial Protection Bureau (CFPB), the main US agency that deals with protecting consumer data, attempt to keep pace with the ever evolving landscape of technology and its impact on privacy.
This week, the agency has announced its intention to regulate the companies that collect and sell personal data. Citing adherence to the Fair Credit Reporting Act, Bureau Director Rohit Chopra states the CFPB will be “developing rules to prevent misuse and abuse by these data brokers,” outlining two primary steps to begin. Any company that sells personal data will be defined as a consumer reporting agency, which would subject them to more stringent measures of data responsibility. Second, the CFPB means to tighten disclosures of certain types of information known as credit heading data, which credit reporting firms like Equifax utilize. The CFPB wants to better protect the exposure of this data in the event of a security incident.
Finalizing and enacting this regulatory change could take some time, but one thing is clear: consumers need constant vigilance and evolution of standards to keep their data safe – and thus, themselves.
There is no shortage of evidence to this point. The MOVEit breach alone continues to provide a wealth of examples, making headlines again and again as new fallouts come to light. The Colorado Department of Health Care Policy & Financing is the latest in this saga, now forced to notify over 4 million people that their data was exposed. With them, debt collecting agency Radius Global Solutions is also disclosing a breach that impacts over 600,000 individuals, due to improper access of documents in its own MOVEit database. Not to be excluded, the University of Massachusetts Chan Medical School and the Commonwealth of Massachusetts have alerted more than 134,000 state residents of the MOVEit hack and what steps they can take to protect their data.
Who knows how many more occasions we will have to cover this story? When dealing with breaches of this magnitude, we often don’t exhaust news and discussion even months or years later. While we wait for the powers that be to deliberate on courses of action, like the CFPB’s plan, it’s important not to sit idly on our thumbs. NetLib Security’s Encryptionizer solution provides formidable, transparent encryption of stored data to keep your name, and those of your customers, out of the headlines.