A recent report from the Government Accountability Office (GAO) found that federal privacy and data laws such as the Fair Credit Reporting Act (FCRA) and the Graham-Leach-Bliley Act (GLBA) have limited applicability to information resellers.According to the GAO, the FCRA applies to information collected or used to determine eligibility for things such as credit cards and insurance, while the GLBA applies only to information obtained by or from a GLBA-defined financial institution. The GAO also wrote that while these laws do have provisions for privacy and security, consumers would be better off if requirements were expanded to all forms of sensitive personal data used by resellers.The GAO also pointed that the Federal Trade Commission (FTC) is the primary agency to enforce reseller compliance with both acts, but it does not have civil penalty authority under the privacy and safeguarding provisions of GLBA. The report states this may reduce the FTC’s ability to enforce that law most effectively against certain violations, such as breaches of mass consumer data.The GAO recommended that Congress consider requiring information resellers to safeguard all sensitive personal information and giving FTC civil penalty authority for enforcement of GLBA’s privacy and safeguarding provisions. Additionally, the GAO recommended that state insurance regulators ensure compliance with the GLBA. Compiled by Paul KersteinKeep checking in at our Security Feed for updated news coverage. Related content news Insider risks are getting increasingly costly The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. By Jon Gold Sep 20, 2023 3 mins Budget Budget Pricing news US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000. By Michael Hill Sep 20, 2023 3 mins Insurance Industry Risk Management news Intel Trust Authority attestation services now in general availability Formerly known as Project Amber, Intel’s attestation services support confidential computing deployments. By Michael Nadeau Sep 20, 2023 3 mins Zero Trust Security Hardware news Venafi taps generative AI to streamline machine identity management Venafi’s Athena, based on a new large language model (LLM), offers users a natural language interface and provides developers with automated code generation for important integrations. By Shweta Sharma Sep 20, 2023 6 mins Generative AI Identity Management Solutions Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe