Cybersecurity Threat Landscape

There have been collaborations between the federal government and non-federal entities to mitigate cyber threats against critical infrastructures, but there are still limitations on the type of information private organizations share with the government due to the Privacy Act in the United States. The DOJ should still prevent the government from collecting information about US citizens if there is no sign of an imminent threat. Private organizations should be mandated to share any PII of an individual or group that could pose a threat to the nation's economy and security. This should be included as an amendment to the Cybersecurity Act of 2015 to further foster the public-private relationship, mitigate cyber threat indicators, and promote the sharing of defense measures through established entities.

Part 3: Private Sector Organizations

As a private sector organization, do you believe that an equivalent to GDPR should be implemented in the United States?

To properly regulate the protection of users' data and privacy, the European Union (EU) implemented the General Data Protection Regulation (GDPR) in 2018. GDPR can be considered the world's strongest set of data protection rules; it enhances how people can access information about them and places limitations on what organizations can do with personal data. The regulation exists as a framework for laws across the continent and replaced the previous 1995 data protection directive (Burgess, 2020). With the GDPR in place, companies were required to comply with its requirements or else be subject to penalties and fines. The objective of the regulation is to help protect users' data in a safe state or while personal data is being processed or moved. The EU wanted to make sure the regulation is streamlined and consistent across all businesses, instead of each business implementing its own rules that may not meet the appropriate standards or the GDPR.

I find it hard to believe the United States does not have a similar regulation when it comes to data protection. The problem with U.S. companies is that everyone wants to have their own regulations and innovation and strongly opposes having a regulation that is streamlined with limitations. Companies want to control how data can be accessed without government-mandated regulation that may suggest possible fines or penalties. Another argument is that the current End User License Agreements (EULA) are enough and anything else should be regulated by businesses. However, the United States has other mandated regulations, especially when it comes to a person's health information. Companies are required to follow the Health Insurance Portability and Accountability Act (HIPAA) implemented in 1996, the Gramm-Leach-Bliley Act of 1999, and the Homeland Security Act also known as the Federal Information Security Management Act of 2020. Although those acts