Forward – Wyoming’s Laws Outdated
Forward by CyberWyoming Alliance: As part of the Wyoming CAN Committee (Cybersecurity Action Network), we were on a committee reviewing Wyomings internet related and data breach laws. They are woefully outdated. Some of the consumer privacy laws still refer to writing (via snail mail) to the three credit reporting agencies and paying no more than $10 to put a credit freeze on your account. All of this can be done online for free.
Montana recently updated their privacy and consumer online protection laws and now Connecticut is doing the same. It is an important issue that, despite many CAN committee members asking their local reps to be legislative sponsors in the past 3 years, has gone nowhere. Please write your representative or senator and ask them to review the Wyoming CAN Committee’s recommendations to update Wyoming’s state statutes.
By Guest Blogger, Chris Bonatti, IECA Cybersecurity Consultant, Casper, Wyoming
In May, Connecticut became the latest US state to advance it’s own privacy statute. The law closely resembles the existing privacy laws in Colorado, Virginia, and Utah, and defines a set of baseline privacy rights for state residents. It allows residents to opt out of sales, targeted advertising, and profiling. Starting in 2025, the law requires companies to acknowledge optout preference signals (such as GPC). It would also require companies to proactively obtain consent to process sensitive data, and to offer ways to revoke that consent. Organizations will have no more than 15 days to stop processing such data once consent is revoked. Parental consent is needed to collect personal data from children under the age of 13.
The law joins California and Colorado in adding sunset clauses to the right-to-cure, which is a doctrine that allows companies to resolve privacy complaints before being subjected to legal jeopardy. Right-to-cure has been treated as a sort of “get out of jail free” card, allowing companies to get away with grave privacy abuses without facing any stiff penalties. The bill also goes beyond existing state privacy laws by directly limiting the use of facial recognition technology.
If you would like to know more about privacy threats and their potential ramifications, or would like help with privacy issues, please consider letting IECA help. For the full IECA newsletter check out: https://www.ieca.com/newsletter/2206-IECA_Cyber_Bulletin.pdf