State by State Takedown of Cybercrime
Individual U.S. states are still in the process of enacting their own data protection statutes. Kentucky is now the latest with the Kentucky Consumer Data Protection Act (KCDPA, not to be confused with KPDH, which would be KPop Demon Hunters), effective as of this month. As with other state rules, the KCDPA provides regulations for businesses processing the data of Kentucky citizens. This includes protected health information (PHI) and health records, among other categories. In short, any private personal or sensitive data that is linked to an identifiable natural person: biometric, ethnic or religious, medical or citizenship data.
The new law also grants Kentucky consumers rights to request deletion, copies of, or corrections to their personal data. Provided there are no legal complications, companies must honor the “right to be forgotten” if a person wants to take down old data. Organizations are also required to offer opt out options for targeted ads, sale of their data, or profiling in service of materially significant effects, like an insurance quote that goes up, up, up because of assumed health status based on gathered fitness or medical data.
It’s interesting to think back a few years to the launches of GDPR and CCPA, and how they have for a long time been the golden standard. During these early days, other states and countries conjuring up their own data regulations would follow this pioneering trail. Recent regulations, like Kentucky’s and Indiana’s, rather look to the Virginia model to see how it’s done, one which emphasizes these more consumer friendly opt out abilities. Explicit consent for data processing and sale must be given by the individual, who might not wish for the entire world to have access to their private details.
Keeping such sensitive data securely sealed may also be of current concern to Instagram users. Despite company denials that the platform has been breached, users are complaining about receiving frequent and unwarranted password change requests. This might be mere coincidence, after all. Instagram states it was an issue allowing external parties to request password resets for some people, which is now fixed. Meanwhile, Malwarebytes issued a report about a trove of stolen data from 17.5 million Instagram accounts, a substantial breach unrelated to the current round of password resets.
Hopefully users are in the clear for now. The best weapons in the fight against cybercrime continue to be possession of the right tools and knowledge. Multifactor authentication, improved access controls, skepticism to combat social engineering schemes, and of course, encryption. As we alluded to in our article of predictions for the new year in cybersecurity, advances in AI have only improved phishing and other social engineering scams – for those who don’t ensure their systems are secure, the risk is exponentially greater. NetLib Security’s Encryptionizer solutions provide transparent encryption for stored data on servers, apps and other devices across all environments – physical, virtual and cloud. No programming changes are required, and Encryptionizer also assists with compliance requirements.
Request a free evaluation here.