Over the years, we’ve seen the ever-increasing impact of what Is stolen:
The first thing that hackers stole were credit cards. While the credit card numbers were easy to steal online, it was also easy for financial institutions to limit liability – all the financial institution needed to do was cancel the card.
Next came the ransom of medical records. Records are circulated through the patient, doctor, hospital, and insurer – making them harder to secure and easier to hack.
Next up is the Internet of Things (IoT), which is the interconnection of devices. For instance, you get an automated ticket for running a red light: a photo of your car license plate passing the red light is connected to your DMV registration, and bingo! you receive a ticket in the mail. In the same way, your EZ Pass allows you to pay a road toll, connected to multiple motion cameras, and can also be used to issue a speeding ticket.
Next up, a new emerging area is the Internet of Behavior (IoB) which extends the interconnection of devices even further. IoB deals with the customer data residing inside the interconnected devices and is matched with data from other sources.
For example, today your car insurer is able to obtain your traffic violations and match it with your insurance policy. Soon they will be able to extend the gathering and use of personal data from multiple sources, i.e. to compare your actual odometer readings with the mileage assumptions they used when they underwrote your policy.
Eventually, they will be able to ascertain your average speed relative to what is legally allowable and even your state of mind based on your facial expressions. It’s not a far leap to consider the impact of the gathering of your personal information from multiple sources to evaluate credit decisions, admissions policies, and employment issues. The line between digital and physical boundaries will blur even further, increasing the impact of what is stolen. For example, if eventually your daily routines became known, it would be easier for a bad guy to burgle your home.
Heightened regulatory environment.
Europe will have continued focus on General Data Protection Regulation (GDPR) laws that expand the way privacy rights of individuals are protected. The California Consumer Privacy Act will continue to create new rights for consumers on the usage and sale of personal information. There may also be additional regulations which will arise from the US Justice Department’s anti-competitive lawsuits against large tech companies. The Bureau of Consumer Protection will also likely increase focus on consumer privacy.
The most litigated relevant law is Illinois’ Biometric Information Privacy Act which governs disclosure, consent, and retention requirements that collect and store biometric data from the wearable industry and health trackers.
Soon there will be privacy laws for fingerprint readers and facial recognition software. New laws will be enacted concerning the right to privacy in the emerging IoT/IoB ecosystem, as well as who is accountable for decisions made by autonomous systems.
Breaches Will Grow in Scale and Sophistication.
Think of all the data they can obtain about an individual: Your movements will be tracked and buying practices and preferences will be known. Ransom attacks will escalate beyond medical records and enter the realm of personal blackmail. Companies will have a far better understanding of customers’ preferences, behaviors, and interests.
They will try to define and more clearly understand their responsibilities in terms of data privacy, however, more and more sensitive data will need to be protected. Hackers will be the first to apply new technologies such as artificial intelligence and 5G networks. Breaches will grow in scale and sophistication, with more data available and more tools to obtain and compromise it. No doubt, there will be unintended legal consequences.
Just as technology moves forward by leaps and bounds, we can expect cyber litigation to expand accordingly. Have you hugged your attorneys and your expert witnesses lately?