This could be the most impactful national cybersecurity and data privacy legislation in the last couple years. Senator Ron Wyden from Oregon introduced this bill, the “Mind Your Own Business” Act. It has three core parts to the bill with each addressing a different need for both the US public and the cybersecurity industry.
1: It allows consumers the ability to opt out of data collection and sale with one click.
2: It forces corporations to be transparent with their consumer data collection, usage, and sale.
3: Harsh fines to corporations and prison sentences to executives that misuse or lie about how their consumer data is being used.
A lack of corporate transparency plays a huge part in all of this; it is often prohibitively difficult to understand what's happening with your data, even if that information is available at all.
With the power of consumer privacy rights exemplified in Europe by GDPR, individual states in the US have started to followed suit. First was California, a national leader in the technology space, who took lead on the issue with the California Consumer Privacy Act (CCPA), which goes into effect on January 1st 2020. Nevada followed shortly with the SB 220, which actually beat California on enacting their privacy laws as the SB 220 went into effect on October 1st 2019. Many other states are in the process of passing legislation controlling the usage of their citizens data making for potentially tumultuous compliance and regulatory conditions for businesses that operate in multiple states. This national bill could be the standard for all US states that would simplify privacy laws for businesses and more importantly, open up the ability for US citizens nationwide to regain control of their data; something they have never had the option to do.
The last part of the bill is equally crucial, enforcing accountability in corporations and executives that abuse consumer information. HIPAA does this already for companies and C-levels in healthcare or who collect/use Protected Health Information (PHI) or Electronic Protected Health Information (ePHI). At GoVanguard, when we explain the accountability portion of HIPAA to healthcare executives, they are often surprised at the consequences of mismanaged PHI/ePHI both on a corporate level and personal. Executives place a higher priority on implementing best security practices and protecting PHI/ePHI when there are personal consequences. Similarly, when companies face impactful fines for mismanagement of their clients' information, they prioritize security.
This bill is a promising start to turning around the abuse of what should be private data as well as avoiding the regulatory minefield of differing individual state privacy laws.