News
Jun 26, 20243 mins
Data GovernanceData ManagementData Privacy
‘It’s such a paper tiger,’ publishing CIO says of new rule aimed at stopping the export of Americans’ protected personal information to countries of concern.
An executive order from President Biden restricting which countries data brokers can sell American data to took effect on Sunday, but some have expressed doubt about whether it will have much impact.
The executive order prohibits data brokers from selling protected data about Americans to various “countries of concern,” which the US defined in December as Burma, People’s Republic of China, Cuba, Eritrea, Iran, the Democratic People’s Republic of Korea, Nicaragua, Pakistan, Russia, Saudi Arabia, Tajikistan and Turkmenistan. The order defined protected data as “Americans’ most personal and sensitive information, including genomic data, biometric data, personal health data, geolocation data, financial data, and certain kinds of personally identifiable information.”
[ Related: What CIOs need to know about data sovereignty ]
Although the data protection and privacy issues raised in this executive order are critically important to enterprise IT and security operations, the narrow provisions of this order would seem to limit its impact to data brokers and would not likely directly impact enterprise IT or cybersecurity operations.
But industry watchers have their own opinions about whether this executive order is likely to have any industry impact.
Data localization light
At media company Hearst, which reported $12 billion in revenue last year, CIO Atefeh “Atti” Riazi saw little of concern in the exeutive order. She that her team — and the CISO reports to her, so she was also referring to security — will not at all be impacted by the order, but she also raised questions about how much it would impact anyone at all, even data brokers.
“It’s such a paper tiger, so superficial. Politicians often need these wedge issues. It makes news but they are completely unenforceable,” Riazi said in an interview with CIO.com. “It’s foolish. There is no way you can enforce this.”
She added that such data is “continuously stolen” so “how are you going to track it? This is just an empty gesture. Third-party data has not been governed for a very long time. A dam has a million holes in it and we are trying to plug one or two.”
Brian Levine, a managing partner at Ernst & Young who oversees enterprise cybersecurity issues, said that he thought it was too early to analyze the likely impact of this executive order.
“At a high level, these all seem like sensible measures, but the order primarily directs agencies to issue various regulations, so the devil will be in the details,” Levine said. “Some of this sounds like ‘data localization light’ — don’t allow data to visit countries that might improperly exploit it.”
SUBSCRIBE TO OUR NEWSLETTER
From our editors straight to your inbox
Get started by entering your email address below.
>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : CIO – https://www.cio.com/article/2505628/white-house-executive-order-restricting-data-brokers-enters-effect-but-to-what-end.html