ONCD Harmonization RFI
Harmonization has been an increasingly important topic of conversation when it comes to cybersecurity legislation and regulations.
As regulation increases so does the opportunity for regulatory overlap and requirements that are inconsistent.
This has affected some industries more than others. Have you been affected? Would you be willing to share for our ISC2 RFI? Please use these questions as prompts and reply to this thread. If you prefer, you can directly email your responses (or discuss challenges overlapping and conflicting regulations further) at crains@isc2.org.
Your responses could be included in our ONCD RFI.
Please respond by Oct. 27 in order to have your responses included.
More information: https://www.whitehouse.gov/wp-content/uploads/2023/07/ONCD-Reg-Harm-RFI-Final-July-19.2023.pdf
@AndreaMoore wrote:
- Have you noticed an increase in inconsistent and conflicting cybersecurity regulations and standards in your industry as a cybersecurity professional?
What Congress and the courts need to do is sort out authority. Every state has its own set of regulations under its authority to regulate business and corporations. However, the federal government always gets pulled in under the umbrella of interstate commerce. If it is a public corporation, you now have the SEC to think about. And when I say "state," it's really all 50 that you have to look at since you can have employees or customers in each of them.
To me the problem isn't that we haven't kept with this "new" technology. Lawmakers have allowed the bells and whistles to distract them from recognizing and applying core legal concepts. If Congress is aghast at Social Media, all it needs to do is eliminate the clause in the Communications Decency Act that exempts online providers from libel and other liability associated with what gets posted on their platforms. These platforms reach more people than any daily newspaper. Yet that newspaper is considered a publisher (subject to libel, invasion of privacy, etc.) and that platform, whose billions in advertising revenue is putting that newspaper out of business, acts with impunity.
You could take the same approach for personal information - essentially it is an issue of copyright. Again companies make billions trading, selling info that is not directly related to the conduct of their primary business. They're making money off my information. If they're going to be allowed to do that, I should be compensated.
In the end, the real problem, especially at the state level, is that government exempts itself from regulation. Given that government is one of the biggest custodians of data, such exemption misses the mark.