Go Back   City-Data Forum > General Forums > Science and Technology
Old 02-13-2020, 01:09 PM
 
Location: Seattle
3,756 posts, read 826,594 times
Reputation: 3251


Sen. Gillibrand from NY is the sole sponsor of a Senate bill to establish a U.S. federal data protection agency:

https://techcrunch.com/2020/02/13/gi...w-data-agency/

This agency is supposed to be "given the authority to enforce data practices across the country". I think this measure is long overdue, particularly given the Equifax hack by the Chinese military, and I hope it gets support.

 
Old 02-13-2020, 01:40 PM
 
184 posts, read 27,311 times
Reputation: 326
As long as it's given as much authority as CFPB... maybe with no-takebacks, this time.


But yes, the situation is about like U235 accumulating in private warehouses. Maybe worse.
 
Old 02-13-2020, 02:48 PM
 
Location: HoCo, MD
4,781 posts, read 8,364,197 times
Reputation: 5446
So.... sort of like OCR w/ HIPAA? How's that working out?

At the end of the day - I don't disagree that something should be done. But I don't see this as the answer. What has GDPR really done? And yes, I get that we're less than 24 months into GDPR, but what I typically see with these approaches is that compliance becomes more complex and confusing. But compliance doesn't automatically = increased security/privacy. What it will likely do is make things more expensive though.

IMO - The real winners with this will be government contractors, accounting/auditing firms, lawyers, GRC vendors, IT vendors, IT consultants, etc. But hey, this is exactly what I do. So this will certainly help my career.
 
Old 02-13-2020, 02:55 PM
 
184 posts, read 27,311 times
Reputation: 326
Quote:
Originally Posted by macroy View Post
At the end of the day - I don't disagree that something should be done. But I don't see this as the answer.
So is the answer to wag a stern finger at Facebook, Google, Acxiom and the nameless departments of nearly every major conglomerate and ask them to be responsible with all of that data?


At least until they're bought out by a Chinese company who loves all the factories and brands but has wet dreams about the consumer databases?
 
Old 02-13-2020, 08:09 PM
 
40,989 posts, read 42,612,832 times
Reputation: 17204
Quote:
Originally Posted by Therblig View Post
So is the answer to wag a stern finger at Facebook, Google, Acxiom and the nameless departments of nearly every major conglomerate and ask them to be responsible with all of that data?

Facebook and Google have an army of lawyers and engineers to deal with this stuff and it's exactly how they will look at it from a competitive standpoint.


I'm not saying nothing should be done but our government doesn't exactly have the greatest track record of protecting smaller businesses when they implement legislation because of what big companies have done.
 
Old 02-14-2020, 07:13 AM
 
Location: HoCo, MD
4,781 posts, read 8,364,197 times
Reputation: 5446
Quote:
Originally Posted by Therblig View Post
So is the answer to wag a stern finger at Facebook, Google, Acxiom and the nameless departments of nearly every major conglomerate and ask them to be responsible with all of that data?


At least until they're bought out by a Chinese company who loves all the factories and brands but has wet dreams about the consumer databases?
I don't think I said that. But....since you mentioned it. The bolded is really what these regulatory agencies end up doing - with the added emphasis of "or, we'll levy a ton of money in fines against you".

So in order to do this - they have to draw a line in the sand (regulations, requirements, etc.). Unfortunately, in many cases, because you have to adapt them to a wide range of scenarios, these requirements are often vague. As Coleman mentioned, the bigger companies have a team of people that can help them "interpret" these regulations in a way that will give them the best advantage. What you end up having is that they will be in "compliance", but your information is not necessarily more secure. As a result, tons of money (taxpayers, higher costs, etc.) will have been spent to check those compliance boxes with minimal reduction in risk (at least in comparison to the money spent).

As I said, this is exactly what I do for a living. Security/Privacy is more about behavior. And legislation/compliance only goes so far. As much as we complain about security/privacy - most of us don't actually prioritize it ourselves. Gmail is the most popular email solution in the world. Do you think that's the case because it's got the best features/capabilities? Maybe. But I'd say it's the most popular mainly because it's FREE. Well... it's not really free. It just doesn't cost money. What it does cost is some of your privacy. And most people know that. Yet, they still use it.

Again - I'm not saying compliance/legislation is bad. But it's NOT the blanket answer that everyone is always trying to hide behind.
 
Old 02-14-2020, 11:29 AM
 
184 posts, read 27,311 times
Reputation: 326
Quote:
Originally Posted by thecoalman View Post
Facebook and Google have an army of lawyers and engineers to deal with this stuff and it's exactly how they will look at it from a competitive standpoint.
So... we're supposed to leave it in their hands? Because competition?

Quote:
Originally Posted by macroy View Post
Again - I'm not saying compliance/legislation is bad. But it's NOT the blanket answer that everyone is always trying to hide behind.
In a very general sense, I agree. Legislation is most effective when it codifies and organizes practices in use for other reasons.

However, exactly what do you propose to limit the collection of individual data and protect against the misuse of both the data already collected and the increasingly detailed tide being collected? I'm reading a faint sense of "well, they need really, really good data security" - which would be completely missing the point.
 
Old 02-14-2020, 06:34 PM
 
40,989 posts, read 42,612,832 times
Reputation: 17204
Quote:
Originally Posted by Therblig View Post
So... we're supposed to leave it in their hands? Because competition?

The point is that big business causes many of these problems that need to be addressed and smaller companies end up paying the price. For example we had the lead scares with toys a few years back. There were 100's or thousands of people making wooden toys here in the US in very small batches. The testing requirements would have made their product impossibly expensive. The companies like Mattel who caused the problem to begin with are testing batches of 100K toys in house so it costs them pennies per unit....



I take the security of the data I hold seriously but I'm dependent on third party vendors and my own skills deploying it. As I often tell my members I'm not a bank with an army of engineers. The relevant personal data I do collect would consist of username, email and password (hashed). If there is anything else it's out of my control, e.g. a member used their address in a private message. I have all but eliminated third party external files that can track people, the only thing left is embedded content like Youtube and I have intentions of making this optional to eliminate them altogether. I do not share any data from anyone with third parties, not even anonymous data.



I've already done my part to the best of my ability. My concern is I end up being the next wooden toy maker....
 
Old 02-15-2020, 01:34 PM
 
184 posts, read 27,311 times
Reputation: 326
Quote:
Originally Posted by thecoalman View Post
The point is that big business causes many of these problems that need to be addressed and smaller companies end up paying the price.


I take the security of the data I hold seriously but I'm dependent on third party vendors and my own skills deploying it.


I've already done my part to the best of my ability. My concern is I end up being the next wooden toy maker....
So your argument is that small companies handling U235, botulin toxin, anthrax spores, automatic weapons or vast troves of individuals' data should be held to some lesser standard of compliance and control, largely based on something between the honor system and "But, your honor, I was doing the best I could!"?


Sorry. I do recognize that federal regulation intended to protect against worst-case situations can be smothering, even fatal to companies too small to cope with it, but that in no way buys you a pass on meeting the same standards of security. And there is the perpetual danger of data holding companies being taken over, externally or internally, or bought by malicious entities, just to get the keys to the vault, so oversight of data security that goes past current days, owners and situations is (IMVHO) a Defcon 1 situation.


If that pushes small businesses out of the data game, it's for the same reason that even small companies aren't allowed to paint toys with lead paint because it's cheaper or easier to use or produces brighter colors or whatever.
 
Old 02-15-2020, 06:12 PM
 
40,989 posts, read 42,612,832 times
Reputation: 17204
Quote:
Originally Posted by Therblig View Post
So your argument is that small companies handling U235, botulin toxin, anthrax spores, automatic weapons or vast troves of individuals' data should be held to some lesser standard of compliance and control, largely based on something between the honor system and "But, your honor, I was doing the best I could!"?


Do not try and form my argument for me, I'm more than capable of doing it myself. Care to explain how you go from associated username, email and password I mentioned to botulin toxin? That's a pretty far leap if I ever saw one.



Obviously if a company is holding sensitive personal data or otherwise they should meet the same standards as anyone.







Quote:
If that pushes small businesses out of the data game, it's for the same reason that even small companies aren't allowed to paint toys with lead paint because it's cheaper or easier to use or produces brighter colors or whatever.

It wasn't the small one man business with lead in their product, it was Mattel. If you end up with overburdening regulations a site like this one may go away. Of course you can go use Google's platform who have all the interest in the world in your privacy.

All times are GMT -6.

© 2005-2020, Advameg, Inc. · Please obey Forum Rules · Terms of Use and Privacy Policy · Bug Bounty
