While Americans enjoy a number of privacy and data handling laws, the US as a whole continues to slip further behind the curve while other developed nations crank out legislation to meet the increasing cyber threat. Though industry best practices and standards, such as the Payment Card Industry Data Security Standard (PCI DSS) are widely known and adopted, federal legislators have done comparatively little to make these things mandatory in the business sector. HIPAA and GLBA are two of the most prominent data protection laws in place today, though they only go so far as to protect healthcare and financial information. As such, companies generally abide only by their own privacy policies, which they have the convenience of drafting themselves. Thanks to the current government shutdown, cyber criminals and data-bleeding corporations continue normal operations, while federal security professionals find their work postponed, their research unfunded, and their departments closed.
Outside of simply refraining from using a vendor or service, consumers in the US have few options for protecting, viewing and deleting data that is collected. In some cases, personal data can still be obtained from people we associate with, even if we don’t use a particular services ourselves. Though the country has a few good apples, such as California’s Consumer Privacy Act, European nations maintain stricter privacy laws that places control of information back into the hands of the individuals to whom it matters most. The General Data Protection Regulation, for example, forces the erasure of information and its duplicates following its original processing use. Government employees who can advocate for similar policies find their organizations in disarray during the shutdown, bringing many important public services to a halt. The National Institute of Standards and Technology (NIST) is currently experiencing the dismissal of 85% of its workforce, potentially delaying the release of security guidelines. Other departments, such as Homeland Security and the Computer Emergency Response Team have furloughed employees, forcing essential security workers to maintain cyber efforts with constricted resources. As the shutdown continues, security teams across the country suffer while vulnerability research remains suspended or understaffed. Federal employees will also take into account the volatility of their work as higher-paying corporate jobs continue to rise. Cyber is a living, breathing entity woven across the globe, and it doesn’t stop because of anarchy in D.C.