“Most companies publish a privacy policy, which helps create a transparent and accountable mechanism for regulators to ensure companies are adhering to their stated policies,” said Daniel Castro in the Christian Science Monitor. “However, no such system exists for security practices, which has resulted in vague standards, regulation by buzzword, and information asymmetry in markets. By publishing security policies, companies would be motivated to describe the types of security measures they have in place rather than just make claims of ‘we take security seriously.’ This is a concrete step that policymakers can take to improve security practices in the private sector.”

What Keeps Cybersecurity Experts Up at Night?

A commonsense fix would be for the bill to only require companies to comply with lawful court orders when doing so is technically feasible, says Daniel Castro in The Hill.

The One Change That Would Make the Burr-Feinstein Encryption Bill Tenable

Congress should pass legislation to create a national privacy framework that streamlines regulation, preempts state laws, establishes basic consumer data rights, and minimizes the impact on innovation.

To Do: Create a National Privacy Framework

Congress should establish a uniform federal standard for data-breach notification to extricate consumers from the current patchwork of different state requirements that provide uneven protection.

To Do: Establish a National Standard for Data-Breach Notification

Congress should require that law enforcement obtain a probable-cause warrant to access communications cloud service providers store.

To Do: Require Probable Cause to Access Communications Stored in the Cloud

In testimony before the House Subcommittee on Commerce, Manufacturing, and Trade, Daniel Castro argued that efforts to formulate IoT policy need to balance the need for strong privacy and security practices with continued innovation and technological development.

Testimony Before the House Subcommittee on Commerce, Manufacturing, and Trade on IoT

Congress should pass legislation requiring that all states collect corporate beneficial-ownership data and make it easily accessible to regulators and the public by publishing it online in open and machine-readable formats.

To Do: Require Corporate Data Transparency

Congress should reform the Electronic Communications Privacy Act (ECPA) to ensure citizens have a right to privacy for electronic data whether it is stored on a device or remotely in the cloud.

To Do: Reform ECPA to Ensure Privacy Rights Apply to the Cloud

Passing the USA Freedom Act marked an important step forward, but Congress has more work to do to address the unresolved negative impact that surveillance is having on U.S. tech competitiveness, writes Alan McQuinn in Roll Call.

To Do: Require Companies to Publish Security Policies

Recommendation

Details

Editors’ Recommendations

How Congress Can Fix ‘Internet of Things’ Security

Related

What Keeps Cybersecurity Experts Up at Night?

The One Change That Would Make the Burr-Feinstein Encryption Bill Tenable

To Do: Create a National Privacy Framework