Experts weigh in on the House of Representatives and Senate votes to repeal the regulation preventing internet service providers from selling customers' web browsing and app usage data without consent.
President Trump indicated his intention to sign the bill, S.J. Res. 34. The data privacy regulations enacted late last year at the Federal Communications Commission, but which hadn't gone into effect yet, would have required ISPs to receive clear opt-in customer consent.
Information privacy, security and compliance consultant Rebecca Herold, president of the Des Moines, Iowa-based SIMBUS and CEO of The Privacy Professor, said this repeal of privacy and security protections under the law contains far-ranging consequences. “This change allows all ISPs, who provide broadband internet access services, to now be able to share and sell data about anything a consumer does with any computerized devices attached to networks to which ISPs provide the connectivity.”
Herold pointed out the BIAS can access all connected devices in a home. “Whenever we use a wearable connected device (fitness tracker, health tracker, etc.), smart device (thermostats, door locks, smart TVs), tablet, smart watch, laptop, smartphones, our activities are all logged by the BIAS. So not only does the BIAS know/log the websites we've visited, it also knows the devices we've used, as well as our locations, dates and times of our activities, files we've uploaded and downloaded, videos and photos we've viewed…pretty much everything (not purposefully encrypted) that has been transmitted.”
This rollback means ISPs can sell the online activities of credit union members to anyone willing to pay for it. “Who will be interested?” Herold asked. “Marketers, researchers, government agencies, investigators, law enforcement, any type of business that is looking for customers/clients to target, and those criminal organizations posing as legitimate businesses (yes, many do this).” Also, perhaps employers checking out the off-the-clock lives of their workers.
Herold noted entities could see how many members are visiting the credit union servers/sites, and the associated times, dates, locations, and types of activities with regard to uploads and downloads, etc.
“There are a wide range of security and privacy risks this law mitigated, which is why it was enacted in the first place,” Herold said. Such information could also reveal exploitable vulnerabilities – and good targets for phishing, ransomware and other types of malware – to cybercriminals.
In part two, we'll find out what kind of pressure this will place on credit unions' security policies and compliance issues.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
