In discussing personal data security and the current cybersecurity risks, I chose to draw parallels to the European Union due to the clear superiority of the processes that exist within their cybersecurity structure. In the National Cyber Security Index, the EU accounts for nine of the top 10 ranking countries, and only two countries rank below 50 (Kivimägi et al., 2023). This may be due to their overarching cybersecurity structure known as ENISA or other national policies.
Personal information security is a hot topic lately. Companies that are trusted with their users' personal data face many ethical questions, including:
Who owns the collected data,
How and when should personal data be stored, and
How much data do they need?
There are no federal laws in the United States protecting the consumer in these areas across all institutions. There are, however, a few laws that direct the protection of personal data in certain institutions, such as the Gramm-Leach-Bliley Act, for financial institutions, and the Privacy Act of 1974, for federal agencies.
Conversely, in the European Union the General Data Protection Regulation of 2018 covers all of these topics (2018). House Resolution 8152, which protects American data privacy with the same vigor, was introduced to the House of Representatives in December of 2022, starting its long road to ratification (Pallone, 2022).
When comparing the cybersecurity risks in the United States versus any non-NATO country, generally speaking, the difference is stark. According to the World Economic Forum, 2022 saw a 300% increase in “state-sponsored cyber attacks … in NATO countries,” making the management of these risks more critical in NATO countries (Joshi & Dobrygowski, 2023). One prevalent risk in the U.S. is phishing, which appears in the FBI Internet Crime Report's “Top Five Crime Type Comparison,” a comparison of the last five years of cyber complaints (2023). In 2022 there were 300,497 reported victims of phishing in the United States. That is a total of 62% of all reported internet crime incidents. By comparison, among members of ENISA (European Union Agency for Cybersecurity), of the 164 incidents required to be reported, only 9% were a form of phishing (2023).
CIRAS (2023). Incident reporting. Enisa | CIRAS. Retrieved May 28, 2023, from https://ciras.enisa.europa.eu/
Federal Bureau of Investigation (2023). Federal Bureau of Investigation Internet Crime Report 2022. Internet Crime Complaint Center (IC3). Retrieved May 28, 2023, from https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf#page=8
intersoft consulting (2018, May 25). GENERAL DATA PROTECTION REGULATION (GDPR). Retrieved May 28, 2023, from https://gdpr-info.eu/chapter-3/
Joshi, A., & Dobrygowski, D. (2023, March 9). The US has announced its National Cybersecurity Strategy: Here’s what you need to know. Retrieved May 28, 2023, from https://www.weforum.org/agenda/2023/03/us-national-cybersecurity-strategy/
Kivimägi, A., Kaska, K., Serrano, R., & Schulz, H. (2023). National Cyber Security Index. National Cyber Security Index. Retrieved May 28, 2023, from https://ncsi.ega.ee/
Pallone, F., Jr (2022, June 21). H.R.8152 – American Data Privacy and Protection Act. CONGRESS.GOV. Retrieved May 28, 2023, from https://www.congress.gov/bill/117th-congress/house-bill/8152/text