Experts warn Congress tech world won't protect privacy by itself

Advances in technology have posed many privacy concerns, not the least of which is Internet-connected toys that can transmit personal information to marketers.

Now comes a warning that the tech industry isn't going to protect consumers' details by itself.

The Electronic Privacy Information Center recently submitted comments to Congress as it was reviewing the National Telecommunications and Information Administration.

EPIC pointed out that a recent Equifax data breach "exposed the personal information of more than 145 million Americans" to hackers.

And each breach could become a case that threatens the "privacy, security and financial stability of American consumers."

"Far too many organizations collect, use, and disclose detailed personal information with too little regard for the consequences," the group said in a letter signed by its president, Marc Rotenberg, and others.

The letter was to Rep. Marsha Blackburn, R-Tenn., of the House Committee on Energy and Commerce subcommittee on Communications and Technology.

The lawmakers were holding a hearing on oversight of the NTIA.

"The unregulated collection of personal data has led to staggering increases in identity theft, security breaches, and financial fraud," the letter said.

So Congress should work on "meaningful safeguards."

"There are massive privacy and security implications of the growing 'Internet of Things.' Many IoT devices feature 'always on' tracking technology that surreptitiously records consumers' private conversations in their homes. Companies say that the devices rely on key words, but to detect those words, the device must always be listening."

Why is it up to Congress?

"The NTIA's multi-stakeholder processes for addressing these challenges simply do not work – they result in weak, voluntary self-regulatory regimes. Industry self-regulatory programs do not provide meaningful privacy protections," the letter said.

"The NTIA should support a strong legal framework that protects American internet users and promotes public safety."

Without intervention and new safeguards, "the country will face growing risk," the group said.

New technology issues have developed with the release of products such as connected cars, smart homes, various consumer products and always-on devices.

WND reported just weeks ago when the Online Trust Alliance said 2017 was another "worst ever year" in personal data breaches and cyber incidents around the world, with attacks up 18 percent to nearly 160,000.

"Attacks involving data theft, ransomware takeovers, business email compromise (BEC) for financial or credential theft and infiltration of Internet of Things (IoT) connected devices hit organizations both large and small," the report said.

"In terms of data breaches, Equifax's headline-making incident exposing personal financial/credit data on 145 million people across several countries not only underscores the breadth of the problem and its cause (lack of basic security update actions), but highlights how rigor may be lacking even in organizations we view as expert," the report continued.

"In addition, Equifax's response was a playbook of how not to handle a breach: slow disclosure; a poorly designed external breach response site; mistakenly Tweeting an incorrect, similar-sounding URL; confusing public messaging; conflicting actions surrounding potential class action suits; and unseemly executive stock trades. Every facet of the Equifax breach undercut trust and amplified the company's lack of readiness. Data breach expenses for Equifax already approach $90 million, even before government actions or consumer litigation."

The report found 159,700 cyber incidents, noting 93 percent of the breaches could have been prevented. There was an 18.2 percent increase in reported incidents, with some 7 billion records exposed in just the first three quarters. Ransomware attacks, a type of malicious software, cost $5 billion. There was a 90 percent increase in business-targeted ransomware.