I’m working on a computer science question and need guidance to help me study.
In your responses to your peers’ discussion posts:
- Discuss whether you agree or disagree with your peers’ ideas on changes to the laws or regulations regarding PII.
PEER POST # 1:
The main change I would recommend to the current laws and regulations involving the protection of personally identifiable information is to consolidate all the regulations into one single federal law. As of right now, there is no single law. The FTC Act prohibits unfair or deceptive trade practices involving the collection or disclosure of PII. The GLBA regulates PII for financial institutions. The HIPAA act keeps individuals' healthcare information safe. The Telephone Consumer Protection Act applies to telemarketing. The Children's Online Privacy Protection Act prohibits online collection of information from children under the age of thirteen. FERPA protects student records. It seems that consolidating all of these regulations into one single law would make enforcing the regulations and ensuring compliance easier. Instead of trying to decipher which law or regulation you need to check to make sure you are not violating policy, you would only need to be familiar with one main law. The government can ensure that companies get more serious about protecting personal data by being more proactive and conducting regular assessments. Many times the government is reacting to violations after they have occurred. Conducting regular assessments would help to reduce these violations, both because companies would be more apt to adhere to regulations if they knew they would be regularly audited and because they could correct vulnerabilities and risks before violations occur.
PEER POST # 2:
One change I would like to see is an actual law written to protect personally identifiable information, or PII. Right now there is not a single law that protects PII. Something has to be done, especially considering the number of breaches that are happening on what seems to be a daily basis. Just the other day I found out that one of our customers was hit with a ransomware attack and their network has been down for 30 days. I would like to see a change in how companies are required to protect our data. Right now there are regulations that protect health information that are called HIPAA regulations. Why can't we have that on a broader basis? I believe there is a lot of room for growth in this area for laws and regulations. I have worked in the banking industry with ATM systems and security, and it seems that the crooks are always a step ahead. We have to mitigate things as best we can to protect our PII.