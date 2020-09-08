You’re sitting across the desk from a bank loan officer to refinance your home mortgage and take advantage of extraordinarily low-interest rates when he reveals that your credit is hopelessly overextended. You’ve financed two new cars, secured a massive personal loan and opened (and become delinquent on) dozens of credit cards in the past year.
Not only that, but your digital double has also pocketed a six-figure loan secured by the equity in your home and vanished without a trace.
The blood drains from your face and panic makes breathing difficult as you realize that a cybercriminal found enough private information about you to become you, to take over your finances, to steal most everything you’ve worked a lifetime for, to leave you with debts it would take several lifetimes to repay. You face a terrifying, complicated, years-long struggle to reclaim your good name and claw back what’s been lost.
Our most intimate data now reside in digital form, and much of it is frighteningly accessible to cyberthieves ranging in skill and resources from military units of hostile foreign powers to basement dwellers who haven’t seen the sun in months. Data breaches were a global pandemic decades before the coronavirus arrived, but only in recent years have governments begun mandating safeguards be taken by those who gather, analyze, store, buy and sell information about us.
According to research from Richmond-based Risk Based Security, while the 2,037 reported data breaches for the first six months of 2020 is down 52 percent from the first half of 2019, the estimated 27 billion records exposed in those breaches is more than double the 12 billion records compromised during the same period a year earlier. Among the stolen data were 90 million payment card records, and even more Social Security and financial account numbers, the report said. Prime targets were in the information, health care, finance and insurance and public administration sectors of the economy.
Twenty years into the 21st century and 40 years since email became a thing, Virginia is considering a raft of new data privacy and security legislation that would impose upon businesses tighter minimum requirements on gathering, securing and retaining data, mandate its safe destruction and limit how fast-emerging, Orwellian technologies such as facial recognition paired with artificial intelligence can be deployed and used.
The first to act in a meaningful way was the European Union, which adopted the General Data Protection Regulation, the world’s broadest, strictest and most confining data privacy rules on earth. The GDPR, which took effect in May 2018, defines what data may be legally collected about any person in the EU, how and where it may be gathered and kept, processes for informing people about their data and for permanently destroying that data upon their request. It also establishes prohibitive penalties, enforceable worldwide, for violators.
