
Senator Kirsten Gillibrand: The U.S. Needs a Data Protection Agency - sxp
https://medium.com/@gillibrandny/the-u-s-needs-a-data-protection-agency-98a054f7b6bf
======
paulmendoza
The US needs an agency that helps businesses and citizens with security. If
China is attacking our citizens we need a national style defense of our
business and IP. For example, right now lots of decisions are left up to each
company to decide how to best secure data. Equifax is a great example. They
were leaving servers unpatched and I think not removing access for former
employees.

There also needs to be a licensing system for any company or person that is
going to have access to PII data for more than 25k people. People in this
position need extra training, especially developers. Many developers learn
about information security on the job but it should be a formalized training
system. We keep seeing the same dumb mistakes being made at companies like
leaving databases unsecured or S3 buckets public.

------
Accujack
Not a bad idea, but the fundamental thing that needs to happen is that US laws
have to be fully updated for the computer age, with privacy protections and
limits on what collected information can be used for.

------
IXxXI
The U.S. doesn't need more agencies, it needs to prevent China from stealing
valuable intellectual and copyrighted property like the F-35 stealth fighter
data China stole to build its J-20.

------
DoofusOfDeath
IIUC, the proposal is for a government agency that would take enforcement
action on behalf of aggrieved citizens. I'm skeptical that it would achieve
those goals, at least for most citizens. Consider the FCC under Ajit Pai.

I'm guessing a better solution is this combination:

(a) legislation similar to the EU's GDPR, _and_

(b) legislation that prohibits consumer-oriented products and services from
requiring EULAs or other licensing terms that give up the rights granted under
(a), _and_

(c) grants private individuals the right to bring lawsuits for violations of
(a,b)

