Skip to main content

Republicans & the FTC’s Data Privacy Rules, Social Engineering & Gov Workers: November 2022 Newsletter

Republicans & the FTC’s Data Privacy Rules, Social Engineering & Gov Workers: November 2022 Newsletter

DeleteMe

November 29, 2022

Reading time: 4 minutes

In the November 2022 edition of our business privacy newsletter, you’ll find our take on:


Republican Senators tell FTC to Back off New Data Privacy and Surveillance Rules

In early November a trio of Republican Senators sent a letter to FTC Commissioner Lina Khan urging the agency to halt its new rule-making process on commercial surveillance and consumer data privacy. They argued FTC was usurping Congressional regulatory authority, adding to needless complexity already created by a patchwork of new state data privacy laws, and increasing compliance costs for businesses, reducing a company’s ability to innovate, and disproportionately hurting small businesses.

Our Take

In theory, the case that FTC’s timing is inappropriate has some merit given that Congress currently has a comprehensive data privacy bill (the American Data Privacy and Protection Act, “ADPPA”) before them. Additionally, control of the House has recently changed hands in Republicans’ favor, which may give the Republicans a greater opportunity to shape its future.

But neither party has shown any particular appetite for action on data privacy laws over the past decade, with each favoring either ‘no new regulation’, or a watered-down bill that renders new state laws toothless. The FTC rule-making process is also notoriously slow, and the current value it may serve is to help identify key areas for improvement that should be included in any eventual legislation


Social Engineering Attacks Increasingly Targeting Government Workers 

A recent report from security firm Lookout claims a 50%+ annual increase in phishing attacks targeting state, local, and federal employees over the past two years.  Analysts suggest growth is being driven by both adversarial nation-state actors, as well as financially motivated criminal gangs who have found targets like state benefits agencies easier pickings compared to the increasingly more threat-aware private sector.

Our Take

The pandemic has created greater risk susceptibility across the entire economy over the last two years, with a growing number of employees working remotely, and increasingly relying on personal devices for sensitive credential authentication. That government is poorly prepared and increasingly targeted, is born out in a wide range of research. While there has been growth in State and Federal cybersecurity spending over the past two years, much of it remains concentrated among a few agencies and is unlikely to change the status quo in the near term.


California’s Child Privacy Framework Could Become National Standard

In September of this year, California passed its “Age-Appropriate Design Code” into law (modeled after the United Kingdom’s ‘Children’s Code’), requiring online services accessed by children under 18 years old to comply with heightened privacy requirements.  Other states (like NY, PA, and WA) quickly introduced copycat bills, and the Senate recently advanced the Kids Online Safety Act (KOSA) –  a collection of updates to the Children’s Online Privacy Protection Act (COPPA) – out of committee.  KOSA includes many similar provisions to CA’s framework, despite many serious concerns about the inherent vagueness of the requirements, and the perverse fact that this approach to ‘privacy’ mandates more intrusive data collection by service providers rather than less.

Our Take

It may come as a surprise that this is an area of privacy regulation that many privacy advocates oppose.  As The Electronic Frontier Foundation (EFF) puts it:

“These bill(s), supposedly designed to protect our privacy, actually require tech companies to collect more data on internet users than they already do.” 

Legislators may be eager to be seen as “doing something” about privacy because it is politically popular, while quietly shelving the harder, less headline-friendly consumer privacy rules like those proposed in the American Data Privacy and Protection Act


DeleteMe In The News

Check out our log of where DeleteMe has been featured in the news in November.


Upcoming Events

CIO & CISO Perspectives
We are excited to meet the CIOs, CISOs, and other senior technology executives gathering to talk about the biggest IT and security issues they’ll face in 2023. Let us know if you are attending this event in San Francisco and would like to meet up by reaching out to our sales team or, even better, come by our table at the event to say hello!

SHARE THIS ARTICLE
DeleteMe was created in 2010 when we realized the difficulty of navigating privacy issues in today’s interconnected and digital world. Our mission is to provide everyone with the power to control t…
DeleteMe was created in 2010 when we realized the difficulty of navigating privacy issues in today’s interconnected and digital world. Our mission is to provide everyone with the power to control t…
How does DeleteMe privacy protection work?
  1. Employees, Executives, and Board Members complete a quick signup
  2. DeleteMe scans for exposed personal information
    Opt-out and removal requests begin
  3. Initial privacy report shared and ongoing reporting initiated
  4. DeleteMe provides continuous privacy protection and service all year
Your employees’ personal data is on the web for the taking.

DeleteMe is built for organizations that want to decrease their risk from vulnerabilities ranging from executive threats to cybersecurity risks.

Want more privacy
news?

Join Incognito, our monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Is employee personal data creating risk for your business?

DeleteMe provides business solutions for the enterprise, public orgs and public interest groups.

Is employee personal data creating risk for your business?

DeleteMe provides business solutions for the enterprise, public orgs and public interest groups.

Related Posts

10 Ways to Reboot Your Privacy at Work

When personal data is out there on the open web it can lead to privacy and security incidents at work that open you—and your company—up to risk. Fo…
DeleteMe
October 3, 2022

Our 2022 Cybersecurity Excellence Award Speech: How We Started, Where We’re Going

We are excited to announce that DeleteMe was recognized (twice!) with 2022 Cybersecurity Excellence Awards, an annual competition honoring ind…
DeleteMe
February 10, 2022

The Time is Now to Limit Russian Hacker Access to Publicly Available PII

Although the launch of ContiLeaks and the information revealed there didn’t slow the Russian Hacker gang down, it did provide everyone here a…
Will Simonds
March 10, 2022