The typical approach in cybersecurity regulation has historically been similar to other legislation: restriction and punishment. The advent of the new “SPY” bill takes the exact opposite approach, and it’s one that veteran security professionals might find refreshing. Rather than invent ever harsher “dissuasive” penalties for criminal hacker elements, the Security and Privacy in Your Car (SPY Car) Act – sponsored by Senators Ed Markey and Richard Blumenthal – seeks to put the onus of safe smart cars on those who produce them.
The Federal Communications Commission has brought AT&T to a $25,000,000 settlement over its mismanagement of customer data between the end of 2013 and the end of 2014. Rather than face litigation, AT&T has agreed to the FCC’s largest-ever settlement in relation to data and privacy loss or theft. (Another fairly large settlement happened less than a year ago, regarding Sprint’s violation of the Do-Not-Call Implementation Act of 2003, which cost them $7,500,000.)