Privacy legislation might provide a powerful guard against online identity fraud
June 14, 2022 – Published on CyberScoop
Long-awaited federal privacy legislation could be a powerful tool in the fight against online fraud, some experts say.
Privacy experts at a House Energy and Commerce Committee hearing on Tuesday praised a provision in the American Data Privacy and Protection Act focused on data minimization, which requires companies to limit the collection and retention beyond what is necessary for their operations. That includes the kind of personal information cybercriminals rely on to commit identity theft and other fraud.
Also relevant to protecting sensitive information is the bill’s focus on “privacy by design,” defined by the bill as companies enacting “reasonable policies, practices, and procedures for collecting, processing, and transferring covered data.”
The legislation doesn’t outline what these practices should look like but the FTC, which has in recent months staked ramped up its privacy enforcement, would issue guidance per the legislation.
Extensive data collection can come back to burn companies when a security incident occurs, as numerous data breaches have shown. Guidance on how to rein in data collection could be helpful to businesses, says Bryan Orme, principal and partner at GuidePoint Security.
“A lot of times the data that gets leaked by these threat actors is data that executives didn’t realize they even had,” said Orme.
Read More HERE.