{"id":7892,"date":"2023-04-18T14:21:26","date_gmt":"2023-04-18T18:21:26","guid":{"rendered":"https:\/\/joindeleteme.com\/blog\/?p=7892"},"modified":"2025-02-24T16:42:42","modified_gmt":"2025-02-24T21:42:42","slug":"data-broker-hearings-secure-by-design","status":"publish","type":"b2b-post","link":"https:\/\/joindeleteme.com\/business\/blog\/data-broker-hearings-secure-by-design\/","title":{"rendered":"Data Broker Hearings, CISA Security Standards &amp; Telegram Bots \u2013 Apr 2023 Newsletter"},"content":{"rendered":"\n<div class=\"wp-block-rank-math-toc-block uk-card-default uk-padding-small\" style=\"font-size:16px\" id=\"rank-math-toc\"><h4>Table of Contents<\/h4><nav><ul><li><a href=\"#privacy-law-developments-in-iowa-indiana-washington-arkansas-montana\">Privacy Law Developments in Iowa, Indiana, Washington, Arkansas, Montana\u00a0\u00a0<\/a><\/li><li><a href=\"#house-data-broker-hearing-cisa-publishes-secure-by-design-standards\">House Data Broker Hearing, CISA Publishes &#8216;Secure By Design&#8217; Standards\u00a0<\/a><\/li><li><a href=\"#the-growth-of-automated-social-engineering-via-telegram\">The Growth of Automated Social Engineering via Telegram\u00a0<\/a><\/li><li><a href=\"#interesting-reading-from-the-iapp-b-2-c-companies-take-note\">Interesting Reading from the IAPP [B2C Companies, Take Note!]<\/a><\/li><li><a href=\"#check-out-our-latest-blog-posts\">Check Out Our Latest Blog Posts<\/a><\/li><li><a href=\"#delete-me-in-the-news\">DeleteMe in the News<\/a><\/li><li><a href=\"#events-webinars\">Events &amp; Webinars<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"privacy-law-developments-in-iowa-indiana-washington-arkansas-montana\">Privacy Law Developments in Iowa, Indiana, Washington, Arkansas, Montana&nbsp;&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/www.dataguidance.com\/opinion\/iowa-and-then-there-were-six-what-you-need-do-comply\" target=\"_blank\" rel=\"noopener\">Iowa<\/a> and <a href=\"https:\/\/www.jdsupra.com\/legalnews\/indiana-legislature-passes-consumer-3286722\/\" target=\"_blank\" rel=\"noopener\">Indiana<\/a> have become the sixth and seventh states to pass comprehensive consumer online privacy laws; others are expected to follow later this year.&nbsp; Both new laws largely track the approach of the \u201c<a href=\"https:\/\/iapp.org\/news\/a\/2023-state-privacy-prospects-bring-new-paradigm\/\" target=\"_blank\" rel=\"noopener\">WPA Model<\/a>\u201d shared by CO, CT, and VA and are considered generally weaker than California\u2019s CCPA framework.&nbsp; A comparison of existing state privacy law details is available <a href=\"https:\/\/www.bytebacklaw.com\/wp-content\/uploads\/sites\/631\/2023\/04\/Indiana-Chart.pdf\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n\n\n\n<p>The Washington state legislature recently passed the <a href=\"https:\/\/www.bytebacklaw.com\/2023\/03\/analyzing-the-washington-state-my-health-my-data-act\/\" target=\"_blank\" rel=\"noopener\">My Health, My Data Act<\/a>, which includes a private right of action similar to the IL Biometric Information Privacy Act (BIPA) and broadly defines both \u2018health data\u2019 and covered entities.&nbsp;This will be one to pay attention to.<\/p>\n\n\n\n<p>Additionally, <a href=\"https:\/\/apnews.com\/article\/arkansas-facebook-children-social-media-restrictions-c8f14534e2452d8b0f102d6eb17cbe44\" target=\"_blank\" rel=\"noopener\">Arkansas<\/a> has joined Utah in passing age-verification restrictions on social media use, and the <a href=\"https:\/\/archive.is\/jJRZg\" target=\"_blank\" rel=\"noopener\">Montana<\/a> legislature advanced a complete ban on TikTok, which now awaits the Governor\u2019s approval.&nbsp; Social media age-verification proposals are also quickly advancing in other states, including Ohio, Connecticut, and Minnesota.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"our-take\"><strong>Our Take<\/strong><\/h3>\n\n\n\n<p>While more states are passing relatively weak, cookie-cutter privacy legislation, we still see it as a welcome trend. It provides a foot in the door for future improvement and will pressure Congress to meet a higher standard with any eventual Federal privacy laws.&nbsp;&nbsp;<\/p>\n\n\n\n<p>By contrast, we think the current \u2018age-verification\u2019 regulations are negative developments for online privacy, as well as likely to eventually end up facing <a href=\"https:\/\/www.deseret.com\/opinion\/2023\/4\/6\/23661741\/utah-social-media-teens-age-verification\" target=\"_blank\" rel=\"noopener\">constitutional challenges<\/a>.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Including the private right of action in Washington\u2019s Health Data bill is notable and may prompt similar me-too legislation elsewhere.<\/p>\n\n\n\n<p id=\"federal\"><\/p><hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\" id=\"house-data-broker-hearing-cisa-publishes-secure-by-design-standards\">House Data Broker Hearing, CISA Publishes &#8216;Secure By Design&#8217; Standards&nbsp;<\/h2>\n\n\n\n<p>The House Oversight and Investigations Subcommittee will hold a hearing on \u201c<a href=\"https:\/\/energycommerce.house.gov\/events\/oversight-and-investigations-subcommittee-hearing-who-is-buying-and-selling-your-data-shining-a-light-on-data-brokers\" target=\"_blank\" rel=\"noopener\">The Role of Data Brokers in the Digital Economy<\/a>,\u201d scheduled for April 19th [<a href=\"https:\/\/energycommerce.house.gov\/events\/oversight-and-investigations-subcommittee-hearing-who-is-buying-and-selling-your-data-shining-a-light-on-data-brokers\" target=\"_blank\" data-type=\"URL\" data-id=\"https:\/\/energycommerce.house.gov\/events\/oversight-and-investigations-subcommittee-hearing-who-is-buying-and-selling-your-data-shining-a-light-on-data-brokers\" rel=\"noreferrer noopener\">view recording<\/a>].<strong>&nbsp; <\/strong>As described by committee members:<\/p>\n\n\n\n<p><em>\u201cThis hearing will give our members a chance to shine a light on the role of data brokers and educate Americans on unchecked collection of their sensitive personal information. It will also highlight the further need for a strong national data privacy standard.\u201d<\/em><\/p>\n\n\n\n<p>Also this month: CISA, the US Cyber Defense Agency, published a \u201c<a href=\"https:\/\/www.cisa.gov\/securebydesign\" target=\"_blank\" rel=\"noopener\">Secure by Design, Secure by Default<\/a>\u201d set of recommendations for software developers to improve base-level privacy and security standards as part of Biden\u2019s recently proposed National Cybersecurity Strategy.<\/p>\n\n\n\n<p>While the standards have no regulatory force, they represent, according to the Washington Post, \u201ca potentially contentious multiyear effort that aims to shift the way software makers secure their products.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"our-take-1\">Our Take<\/h3>\n\n\n\n<p>The recent <a href=\"https:\/\/www.cbsnews.com\/news\/at-least-17-congress-members-sensitive-information-data-breach\/\" target=\"_blank\" rel=\"noopener\">congressional data breach<\/a> might motivate a few members to take consumer data privacy regulation more seriously. Still, we have low expectations for new developments in Federal data broker oversight or hardening enforcement around cybersecurity standards.&nbsp;<\/p>\n\n\n\n<p id=\"cybersecurity\"><\/p><hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\" id=\"the-growth-of-automated-social-engineering-via-telegram\">The Growth of Automated Social Engineering via Telegram&nbsp;<\/h2>\n\n\n\n<p><a href=\"https:\/\/securelist.com\/telegram-phishing-services\/109383\/\" target=\"_blank\" rel=\"noopener\">Kapersky Labs reports<\/a> that hackers increasingly provide &#8216;how-to guides\u2019 and software toolkits to automate the data collection and targeting processes of social engineering attacks, and they&#8217;re doing so via automated bots on platforms like Telegram. A <a href=\"https:\/\/cofense.com\/blog\/cofense-intelligence-strategic-analysis\/\" target=\"_blank\" rel=\"noopener\">report from Cofence<\/a> noted in January that the use of Telegram bots for credential phishing grew 800% in 2022 over 2021.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"our-take-2\"><strong>Our Take<\/strong><\/h3>\n\n\n\n<p>While phishing toolkits are nothing new, the use of relatively low-tech, mainstream platforms like Telegram indicates the growing maturity of the industry and the relative ease with which aspiring hackers can begin launching attacks at scale.<\/p>\n\n\n\n<p id=\"iapp\"><\/p><hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\" id=\"interesting-reading-from-the-iapp-b-2-c-companies-take-note\">Interesting Reading from the IAPP [B2C Companies, Take Note!]<\/h2>\n\n\n\n<p>The International Association of Privacy Professionals just held its Global Privacy Summit in Washington DC and in case you didn&#8217;t attend, here is a good <a href=\"https:\/\/www.marketingbrew.com\/stories\/2023\/04\/10\/here-s-what-we-heard-at-the-iapp-s-global-privacy-summit\" target=\"_blank\" rel=\"noopener\">summary of takeaways from the event.<\/a><br><br>Also, their Privacy and Consumer Trust Infographic provides some insights from their recent <a href=\"https:\/\/iapp.org\/resources\/article\/privacy-and-consumer-trust-summary\/\" data-type=\"URL\" data-id=\"https:\/\/iapp.org\/resources\/article\/privacy-and-consumer-trust-summary\/\" target=\"_blank\" rel=\"noreferrer noopener\">global consumer survey <\/a>which highlights, among other interesting facts, that cybersecurity incidents do impact which companies consumers are willing to buy goods\/services from.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"check-out-our-latest-blog-posts\">Check Out Our Latest Blog Posts<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/joindeleteme.com\/business\/blog\/open-data-hidden-risk-breach-prevention-tips\/\" data-type=\"link\" data-id=\"https:\/\/joindeleteme.com\/business\/blog\/open-data-hidden-risk-breach-prevention-tips\/\">Open Data, Hidden Risk: Publicly Available Employee Data &amp; Cyber Risk&nbsp;[+ Breach Prevention Tips]<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/joindeleteme.com\/business\/blog\/how-cybercriminals-use-data-brokers-for-executive-phishing\/\">How Cybercriminals Use Data Brokers for Executive Phishing<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/joindeleteme.com\/business\/blog\/data-broker-opt-outs-for-executive-cybersecurity-protection\/\">Why Data Broker Opt-Outs Are Crucial for Executive Cybersecurity Protection<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"delete-me-in-the-news\">DeleteMe in the News<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check out our<a href=\"https:\/\/joindeleteme.com\/business\/blog\/deleteme-in-the-news-in-2023\/\" target=\"_blank\" rel=\"noreferrer noopener\">&nbsp;running log<\/a>&nbsp;of DeleteMe in the news in 2023.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"events-webinars\">Events &amp; Webinars<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/joindeleteme.com\/business\/blog\/rsa-conference-2023-excited-exhibitor-alert\/\" target=\"_blank\" rel=\"noreferrer noopener\">We\u2019ll be at RSA Conference 2023 on April 24-27 in San Francisco. See you there?<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Privacy Law Developments in Iowa, Indiana, Washington, Arkansas, Montana&nbsp;&nbsp; Iowa and Indiana have become the sixth and seventh states to pass comprehensive consumer online privacy laws; others are expected to follow later this year.&nbsp; Both new laws largely track the approach of the \u201cWPA Model\u201d shared by CO, CT, and VA and are considered generally [&hellip;]<\/p>\n","protected":false},"author":16,"featured_media":7893,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"b2b-category":[45],"class_list":["post-7892","b2b-post","type-b2b-post","status-publish","format-standard","has-post-thumbnail","hentry","b2b-category-resources"],"acf":[],"_links":{"self":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/7892","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post"}],"about":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/types\/b2b-post"}],"author":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/users\/16"}],"version-history":[{"count":0,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/7892\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media\/7893"}],"wp:attachment":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media?parent=7892"}],"wp:term":[{"taxonomy":"b2b-category","embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-category?post=7892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}