Lawmakers Need to Step Up. Don’t Expect Big Tech to Help.
By Jonathan Baron
I’m thankful for the European Union. They watch out with much more diligence to protect privacy and do so with an eye to cybersecurity as well. But at least our regulators in the U.S. are fairly good, but slow, followers.
I was reminded of this because the other day, I received my quarterly report from DeleteMe, which I use to periodically clean up my data being bought and sold without my knowledge on the open market. Since our last report, my wife and I have had over 20 new third parties needing cleanup. Unbelievable.
This data consists of personally identifiable information (PII) that can be very effectively tied together to build very accurate pictures of an individual. Examples of PII are articles read, browser history, email content, online purchases, surveys, social media activity, videos watched, full names, addresses, phone numbers and birthdates, driver’s license numbers, Social Security numbers, passport numbers, email addresses, vehicle registration numbers, biometric data (face, retinal or fingerprint scans), court records, plus medical, employment and financial histories. This list is not all-inclusive. I could go on and on.
The European Union (EU) has a number of laws and regulations that are designed to protect the privacy of its citizens. These laws are generally far more stringent than those in the United States. Key differences between EU and U.S. privacy laws include:
- The right to be forgotten. EU citizens have the right to have their personal data erased from search engine results, even if the data is still accurate. This right is not recognized in the U.S.
- Data protection by design. EU law requires businesses to take steps to protect the privacy of personal data from the outset, rather than waiting until there is a problem. This is known as “privacy by design.”
- Data protection by default. EU law also requires businesses to set the default settings for privacy as high as possible. This means that personal data should only be collected and processed if it is absolutely necessary.
- Stronger enforcement. The EU has a stronger enforcement arm for privacy laws than the U.S. The European Data Protection Supervisor (EDPS) has the power to investigate companies and issue fines for breaches of the law. See the General Data Protection Regulation (GDPR).
- The ePrivacy Directive. The ePrivacy Directive is a law that regulates the use of cookies and other tracking technologies. The directive prohibits the use of cookies without the consent of the user.
- The NIS Directive. The NIS Directive is a law that regulates the security of critical infrastructure. The directive requires organizations that operate critical infrastructure to take steps to protect their systems from cyberattacks.
These are just a few examples of how European countries go beyond the U.S. on security and privacy.
There was a very recent U.S. example of ignorance, general sloppiness and casual attitudes toward customer data. We recently heard about incredible abuses by do-it-yourself tax compliance providers H&R Block, TaxSlayer and TaxAct relating to them sharing data with Meta and Google by using Meta Pixel and Google Analytics. This is outrageous and cannot stand. It certainly would not stand in Europe.
The speed of action in the U.S. is quite poor, relative to other countries. I attribute this to the quality of leadership. What can we expect, given leaders like Tuberville, Boebert, Comer, Green, Jordan, Johnson, Hawley, Graham, Gosar, Gatz, McCarthy, Biggs, DeSantis, Roy and others, and the one they follow?
On the positive side, there is some action at the state level.
These states are the best in the U.S.:
- California: The California Consumer Privacy Act (CCPA) is the most comprehensive privacy law in the U.S. It gives consumers control over their personal data and requires businesses to be more transparent about how they collect and use data.
- Colorado: The Colorado Privacy Act (ColoPA) is similar to the CCPA but has some additional provisions, such as the right to opt out of the sale of personal data.
- Connecticut: The Connecticut Data Privacy Act (CTDPA) is a newer law that is still being implemented. It gives consumers some of the same rights as the CCPA, but it also has some additional provisions, such as a right to know the specific purpose for which their data is being collected.
- Utah: The Utah Consumer Privacy Act (UCPA) is a newer law that is similar to the CCPA. It gives consumers some of the same rights, but it also has some additional provisions, such as a right to request that businesses delete their personal data.
- Virginia: The Virginia Consumer Data Protection Act (VCDPA) is a newer law that is similar to the CCPA. It gives consumers some of the same rights, but also has some additional provisions, such as the right to sue businesses for data breaches.
We will get there on privacy and security. It will just take time. And better leaders.