Transcript Senate Subcommittee Hearing on Strengthening Data Security to Protect Consumers
Transcript: US Senate Subcommittee Hearing on "Strengthening Data Security to Protect Consumers"
March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
On Wednesday, May 8, 2024, Senator John Hicken Looper (Democratic Party), a chairman of the Senate Science and Transportation Subcommittee on consumer protection, product safety, and data security, "Democratic Party) A public hearing entitled "Privacy Enhancement" was held. In this hearing, we will protect data from unauthorized access, such as the importance of data security, consumer data confidentiality, integrity, methods to protect the accessibility, minimizes data and practice strong data security. The focus was on the method.
- Identity Theft Resource Center, Coo, James E. Lee (written testimony)
- Sam Kaplan, Palo Alto Networks, Assistant General Counsel, Public Policy & Government Affaire Senior Director. Palo Alto Networks, Government Afears (written testimony)
- Prem Tribededi, Open Technology Institute of New America, Policy Director (written testimony)
- Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Witnesses pointed out the need for national data privacy standards.
"Having a single national standard is to bring more profits to companies and consumers, and at the same time enhance data security, and our members are supported by our members. We are paying attention to new discussions on the formulation of such standards, and are encouraged by the progress of the Jake Parker, the Senior Director in charge of the government.
The privacy and minimization of data can be regarded as the principle of security.
"The minimum standards can reduce the risk of being abused. The minimum standard is not just an index we tend to think. In many cases, it is a practice of minimizing data and very much. A concept based on a simple truth.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. < SPAN> March 8, 2024: The reference people gather at Russell 253, the U. S. Senate Committee, for a hearing on data privacy enhancement.
On Wednesday, May 8, 2024, Senator John Hicken Looper (Democratic Party), a chairman of the Senate Science and Transportation Subcommittee on consumer protection, product safety, and data security, "Democratic Party) A public hearing entitled "Privacy Enhancement" was held. In this hearing, we will protect data from unauthorized access, such as the importance of data security, consumer data confidentiality, integrity, methods to protect the accessibility, minimizes data and practice strong data security. The focus was on the method.
Identity Theft Resource Center, Coo, James E. Lee (written testimony)
Sam Kaplan, Palo Alto Networks, Assistant General Counsel, Public Policy & Government Affaire Senior Director. Palo Alto Networks, Government Afears (written testimony)
Prem Tribededi, Open Technology Institute of New America, Policy Director (written testimony)
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Witnesses pointed out the need for national data privacy standards.
"Having a single national standard is to bring more profits to companies and consumers, and at the same time enhance data security, and our members are supported by our members. We are paying attention to new discussions on the formulation of such standards, and are encouraged by the progress of the Jake Parker, the Senior Director in charge of the government.
The privacy and minimization of data can be regarded as the principle of security.
"The minimum standards can reduce the risk of being abused. The minimum standard is not just an index we tend to think. In many cases, it is a practice of minimizing data and very much. A concept based on a simple truth.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
On Wednesday, May 8, 2024, Senator John Hicken Looper (Democratic Party), a chairman of the Senate Science and Transportation Subcommittee on consumer protection, product safety, and data security, "Democratic Party) A public hearing entitled "Privacy Enhancement" was held. In this hearing, we will protect data from unauthorized access, such as the importance of data security, consumer data confidentiality, integrity, methods to protect the accessibility, minimizes data and practice strong data security. The focus was on the method.
Identity Theft Resource Center, Coo, James E. Lee (written testimony)
Sam Kaplan, Palo Alto Networks, Assistant General Counsel, Public Policy & Government Affaire Senior Director. Palo Alto Networks, Government Afears (written testimony)
Prem Tribededi, Open Technology Institute of New America, Policy Director (written testimony)
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
"Having a single national standard is to bring more profits to companies and consumers, and at the same time enhance data security, and our members are supported by our members. We are paying attention to new discussions on the formulation of such standards, and are encouraged by the progress of the Jake Parker, the Senior Director in charge of the government.
The privacy and minimization of data can be regarded as the principle of security.
"The minimum standards can reduce the risk of being abused. The minimum standard is not just an index we tend to think. In many cases, it is a practice of minimizing data and very much. A concept based on a simple truth.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign.
"We have seen threats abusing them and setting up a really clever phishing attack. They are close to them. Policy and Government Affaire Senior Director, Sam Kaplan; Government Affaire, Palo Alto Networks
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
"APRA contains some of the pillars required for privacy legislation. Proper promotion of op t-out, deleting data, sales and transfer. One of the concerns for us is that FCC ahead of APRA "Prem Trivedy, Open Technology Policy Director.
The following is a record of the hearing.
John Hicken Looper Senator (Democratic Party):
Welcome to Consumer Protection, Product Safety, Data Security Small Committee. I will come in order. I'm sorry to wait a little. Blackburn members will soon be able to see. I'm heading now. In the era of technology based on the increase in consumer data, we are in a very important phase. Obviously, artificial intelligence accounts for most of its advertising, which is close to the limit. Companies collect or process various data, from information, name, address, and portraits that can identify individuals. Recent universities have said that confidential data, physical location information, browsing history, and threats to consumer data faced by companies are complicated, almost every aspect. The more data you collect, the more attractive you want to violate your data, the more criminal act. With one information leakage, companies are paying nearly $ 4. 2 million, and consumers are forced to pay its financial and reputable burden. < SPAN> "We have seen threats exploit this and set up a truly clever phishing attack. The day they can decipher it," Palo Alto Networks, Assistant General Counsel) Public Policy and Government Affairs Senior Director, Sam Kaplan; Government Affairs, Palo Olt Networks
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
"APRA contains some of the pillars required for privacy legislation. Proper promotion of op t-out, deleting data, sales and transfer. One of the concerns for us is that FCC ahead of APRA "Prem Trivedy, Open Technology Policy Director.
The following is a record of the hearing.
John Hicken Looper Senator (Democratic Party):
Welcome to Consumer Protection, Product Safety, Data Security Small Committee. I will come in order. I'm sorry to wait a little. Blackburn members will soon be able to see. I'm heading now. In the era of technology based on the increase in consumer data, we are in a very important phase. Obviously, artificial intelligence accounts for most of its advertising, which is close to the limit. Companies collect or process various data, from information, name, address, and portraits that can identify individuals. Recent universities have said that confidential data, physical location information, browsing history, and threats to consumer data faced by companies are complicated, almost every aspect. The more data you collect, the more attractive you want to violate your data, the more criminal act. With one information leakage, companies are paying nearly $ 4. 2 million, and consumers are forced to pay its financial and reputable burden. "We have seen threats abusing them and setting up a really clever phishing attack. They are close to them. Policy and Government Affaire Senior Director, Sam Kaplan; Government Affaire, Palo Alto Networks
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
"APRA contains some of the pillars required for privacy legislation. Proper promotion of op t-out, deleting data, sales and transfer. One of the concerns for us is that FCC ahead of APRA "Prem Trivedy, Open Technology Policy Director.
The following is a record of the hearing.
John Hicken Looper Senator (Democratic Party):
Welcome to Consumer Protection, Product Safety, Data Security Small Committee. I will come in order. I'm sorry to wait a little. Blackburn members will soon be able to see. I'm heading now. In the era of technology based on the increase in consumer data, we are in a very important phase. Obviously, artificial intelligence accounts for most of its advertising, which is close to the limit. Companies collect or process various data, from information, name, address, and portraits that can identify individuals. Recent universities have said that confidential data, physical location information, browsing history, and threats to consumer data faced by companies are complicated, almost every aspect. The more data you collect, the more attractive you want to violate your data, the more criminal act. With one information leakage, companies are paying nearly $ 4. 2 million, and consumers are forced to pay its financial and reputable burden.
How many more consumers must fall victim to identity theft before we take action? How long must we allow our personal information to be sold on the dark web for profit? When will cybercriminals stop stealing our data, or at least be able to prevent it? Data breaches like these are hoping to hit small businesses, large corporations, and everything in between. In 2023 alone, 3, 205 data breaches were reported in the United States. 353, 000 people were seriously affected. 10% of publicly traded companies reported data breaches, affecting a total of 143 million people. These data breaches can have devastating consequences. As was widely reported recently, a data breach at a national wireless provider exposed the data of 70 million customers, a major health insurer experienced system outages, delayed medical payments for large amounts of money, and exposed important health data. This is why we need strong requirements on how companies collect and protect our data. We need strong national privacy standards that include data minimization and data security by conducting routine risk assessments and establishing strong internal and external safeguards for data. Obviously data minimization defines specific categories to turn off the faucet, as it was to turn off the data faucet. Companies don't just collect what they can because they collect it from consumers. Data security lays out clear requirements for how companies must protect the data they collect. So data breaches will be less frequent. We need to give consumers control over how their data is used. That will help restore consumer trust in the technology that drives our economy. Sixteen states, including Colorado, have passed or are in the process of passing their own state privacy laws. Other states are debating.
Excuse me. There are things we can learn from these state laws. For example, Colorado law has a temporary right to cure companies for complying or responding to privacy requirements. There are also areas where the federal government needs to move forward with rulemaking and enforcement, consistent definitions of key terms like sensitive data, or even issuing national regulations. The United States Privacy Rights Act is an important compromise framework that Congress should build. I commend Chairman Cantwell and Chairman Mac Morris Rogers for their efforts to advance this proposal in their home states. We are committed to being here to hear from all perspectives on data minimization and data security. Minimization and security are clearly interrelated. It is the combination of the two that allows us to build a strong data privacy framework. We now have an opportunity, and an obligation, to build greater bilateral consensus on these complex issues. I look forward to today's hearing. I would like to welcome each of the witnesses with us today, along with each of the witnesses. James Lee, CEO of the Identity Theft Resource Center, and Sam Kaplan, Assistant General Counsel, Palo Alto.
Senator Marsha Blackburn (R-TN):
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such a threat. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI.
However, regarding the need to make the regulations smart and effective, the EU can be less than. I visited the EU to work on this problem last year, and a data protection authorities asked me to resolve a dispute over bank account after a couple divorced, and neighboring humans over the airline installation. I heard that they were asked to resolve the dispute. So be smart. Don't make the same mistakes. We know that European countries, our friends, are always heavy approaches. FTC will promote commercial monitoring and data security rules launched in 2022. Without parliamentary authority and instructions, Congress should decide the rules, not bureaucrats that were not elected. Finally, in this public hearing, there will be many discussions on the concepts such as minimizing data in other data security practices, but we forget the cyber threats brought by the newly emerged technology. Not.
One of the areas where Tennessee is very interested in is quantum technology by collecting and deciphering later. Today, if the bad guys steal the encrypted data, they will not be able to stop the data by quantum technology tomorrow. That's why the committee needs to verify this technology and review the National Initiative Law quickly. I would like to work on this problem with the chairman and the committee team. Tennessee is the leader of economic innovation in technology such as quantum computing, and the Oakridge National Institute is at the forefront of basic and applied science research. Talking to the people of Tennessee, you will be asked how to deal with privacy and data security issues while continuing the prosperity of innovation. The committee must take a thoughtful approach, but at the same time, it must also achieve the reality imposed on parliamentary schedule. I am looking forward to today's discussion. thank you
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
big. Then, each witness will give you the first greeting. I always say that the word witness has a false meaning. Anyway, first from James Lee, the highest executive officer of the ID Resource Center.
The following is a record of the hearing.
One of the areas where Tennessee is very interested in is quantum technology by collecting and deciphering later. Today, if the bad guys steal the encrypted data, they will not be able to stop the data by quantum technology tomorrow. That's why the committee needs to verify this technology and review the National Initiative Law quickly. I would like to work on this problem with the chairman and the committee team. Tennessee is the leader of economic innovation in technology such as quantum computing, and the Oakridge National Institute is at the forefront of basic and applied science research. Talking to the people of Tennessee, you will be asked how to deal with privacy and data security issues while continuing the prosperity of innovation. The committee must take a thoughtful approach, but at the same time, it must also achieve the reality imposed on parliamentary schedule. I am looking forward to today's discussion. thank you
John Hicken Looper Senator (Democratic Party):
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
James Lee, however, the need for the EU to be a smart and effective need for the EU. I visited the EU to work on this problem last year, and a data protection authorities asked me to resolve a dispute over bank account after a couple divorced, and neighboring humans over the airline installation. I heard that they were asked to resolve the dispute. So be smart. Don't make the same mistakes. We know that European countries, our friends, are always heavy approaches. FTC will promote commercial monitoring and data security rules launched in 2022. Without parliamentary authority and instructions, Congress should decide the rules, not bureaucrats that were not elected. Finally, in this public hearing, there will be many discussions on the concepts such as minimizing data in other data security practices, but we forget the cyber threats brought by the newly emerged technology. Not.
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
John Hicken Looper Senator (Democratic Party):
big. Then, each witness will give you the first greeting. I always say that the word witness has a false meaning. Anyway, first from James Lee, the highest executive officer of the ID Resource Center.
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Thank you. Mr. Chairman, ladies and gentlemen of Blackburn. I'm James Lee, Chief Executive of the Identity Theft Resource Center. For more information on the ITRC, I invite you to read our full written statement, but as we all know, the core of our business is providing free assistance to victims of identity crime, as well as research and analysis on identity crime trends. A lot has happened since we spoke in this room about this same issue in 2021. We've seen bad actors shift their focus, broaden their reach, and accelerate their innovative efforts. We may now be at the dawn of a golden age of identity crime.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
But the most alarming trend is the number of people who have decided that self-harm is their only way out. 16% of people contacted in 2023 said they were considering taking their own life. In previous decades, this figure had never exceeded 2-4%, but now 16% has doubled in a single year and is not likely to slow down. And unlike past years, we are now hearing from grieving families who continue to be attacked by identity criminals who are intent on continuing to defraud. We are providing objective information rather than unilaterally advocating laws and regulations. With that in mind, we are in the same place as we were last time. The best way to help victims of identity crime is to prevent them from becoming victims in the first place. And a key part of preventing identity crime is uniform minimum standards for data protection, and the use of technical and non-technical minimum standards is essential in our world.
The following is a record of the hearing.
In order to be effective in reducing ID crimes, unified standards also require powerful execution. The defenders must always measure their progress and constantly adapt to new work, and do this through monitoring. In addition, a strong execution measure is required for warnings for data leakage. Remy gives two examples. In the first three months of this year, 32 % and 32 % of the data leakage hints had some information about the cause of data leakage if it was linked to a bear attack. However, the information was not included what happened. This number was 100 % of the data leakage up to the fourth quarter of 2021. The number of new data leakage in the United States is an average of 9 per day in the European Union (EU). One of the correct 335 cases is a leakage of data leakage, and there are many examples to prove it.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
John Hicken Looper Senator (Democratic Party):
The privacy and minimization of data can be regarded as the principle of security.
Sam Kaplan: < SPAN> In order to be effective in decreasing ID crimes, unified standards also require powerful execution. The defenders must always measure their progress and constantly adapt to new work, and do this through monitoring. In addition, a strong execution measure is required for warnings for data leakage. Remy gives two examples. In the first three months of this year, 32 % and 32 % of the data leakage hints had some information about the cause of data leakage if it was linked to a bear attack. However, the information was not included what happened. This number was 100 % of the data leakage up to the fourth quarter of 2021. The number of new data leakage in the United States is an average of 9 per day in the European Union (EU). One of the correct 335 cases is a leakage of data leakage, and there are many examples to prove it.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
John Hicken Looper Senator (Democratic Party):
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
Sam Kaplan: In order to be effective in reducing ID crimes, unified standards also require powerful execution. The defenders must always measure their progress and constantly adapt to new work, and do this through monitoring. In addition, a strong execution measure is required for warnings for data leakage. Remy gives two examples. In the first three months of this year, 32 % and 32 % of the data leakage hints had some information about the cause of data leakage if it was linked to a bear attack. However, the information was not included what happened. This number was 100 % of the data leakage up to the fourth quarter of 2021. The number of new data leakage in the United States is an average of 9 per day in the European Union (EU). One of the correct 335 cases is a leakage of data leakage, and there are many examples to prove it.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
John Hicken Looper Senator (Democratic Party):
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
Sam Kaplan:
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
In other words, we know the situation of cyber threats deeply and widely. We are a good cyber citizen and a security partner trusted by the federal government. It is a wel l-known fact that cyber attacks have a realistic impact on our daily lives, from public services such as medical and emergency services to leakage of US confidential data. Against this background, I am strongly convinced that Palo Alto Networks is a necessary and effective element for data security and privacy to develop stat e-o f-th e-art cyber defense. In conclusion, effective data security and data privacy require stat e-o f-th e-art cyber defense. Organizations should be encouraged to protect data by introducing powerful security practices and networks that prevent incidents and data leakage and reduce the effects of incidents. Cyber experts regularly use security data (remote measurement of network, zero and zero) to ahead of this evolving threat. < SPAN> Thank you to Hicken Looper, Blackburn Chairman, and members. Thank you for having the opportunity to testify that cyber security is an important and basic element of data security and consumer protection. I am a senior director and assistant general counsel in Palo Alto Networks in charge of public policy and government. I spent most of my career at the intersection of cyber security, national security, and data privacy. Before joining a private company, I am proud to have participated in the coach as a DHS privacy director, worked in the U. S. Department of Justice and the Ministry of Justice. Masu. For those who do not know Palo Alto Networks, we briefly explain it in 2005 and is now a leading company for cyber companies. Palo Alto Networks provides cyber defense functions to companies around the world, supporting 95 important infrastructure of 95 of the 100 Fortune, the US Federal government, university, educational institutions, and a wide range of partners in the state and regions. I am.
The following is a record of the hearing.
In other words, we know the situation of cyber threats deeply and widely. We are a good cyber citizen and a security partner trusted by the federal government. It is a wel l-known fact that cyber attacks have a realistic impact on our daily lives, from public services such as medical and emergency services to leakage of US confidential data. Against this background, I am strongly convinced that Palo Alto Networks is a necessary and effective element for data security and privacy to develop stat e-o f-th e-art cyber defense. In conclusion, effective data security and data privacy require stat e-o f-th e-art cyber defense. Organizations should be encouraged to protect data by introducing powerful security practices and networks that prevent incidents and data leakage and reduce the effects of incidents. Cyber experts regularly use security data (remote measurement of network, zero and zero) to ahead of this evolving threat.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
Thank you, Mr. Kaplan. Next, I would like to introduce Prem Trivedi, Policy Director at the Open Technology Institute at New America.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
Chairman of Hicken Looper and Committee. Thank you very much for this opportunity today. I am a no n-profit organization that is working to realize American promises in the era of rapid technological innovation and social change, and is a policy director of the New American Institute of Open Technology. Since 2009, the Open Technology Institute (OTI) has been working to make all local communities fairly accessible to digital technology and its benefits. OTI has many years, while maintaining sufficient flexibility for innovation and the need for strong federal standards for consumer and data security. This is the first point. Data security and consumer privacy are two sides of the same coin. Powerful data security protection measures, including minimization, are essential to protect consumers. And, as you mentioned in the remarks, the minimization of data is a powerful principle that requires collecting, using, sharing, and retaining only the data you need to provide services and products.
The privacy and minimization of data can be regarded as the principle of security.
And these concerns about data security and privacy are negatively impacting consumer trust in AI and the leadership of AI companies. The good news is that more than two-thirds of Republicans and Democrats support increased regulation of companies' data usage. It's also encouraging to see the recent re-emergence of credible bipartisan legislation on privacy and data security through the American Privacy Rights Act. The next thing I want to say is that a strong federal data minimization regime would replace the broken approach of U. S. privacy governance based solely on notice and consent. We know that it takes hundreds of hours for people to read through every privacy policy they encounter in just one year. And most Americans, even most privacy experts, impose this unfair burden on consumers by clicking agree without reading these policies. It doesn't make sense, it doesn't make sense for consent, and I'm not sure it's really possible for most of our online activities. Data minimization is very important because it shifts the responsibility onto companies and consumers to use only what they need to provide their products and services. And I would like to point out that this is far from a new idea in the risk management playbook. In other words, I think we can reap the benefits of data minimization without stifling innovation or burdening small businesses. My final point is that broad best practices in data security should be a foundational safeguard across all sectors of the economy. Let me briefly list those best practices. First, as we have emphasized, collect, use, share, and retain only critical data. Second, use encryption for data storage and processing whenever possible.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
John Hicken Looper Senator (Democratic Party):
The privacy and minimization of data can be regarded as the principle of security.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
Hicken looper, Blackburn, good evening. Thank you for having the opportunity to participate in today's hearing. Jake Parker of the Security Industry Association. This organization is a no n-profit organization that represents more than 1, 500 companies that provide products that protect the United States, assets, companies, schools, and important infrastructure. Therefore, data security is essential for the operation of security systems and services, and members of the Association are working to protect personal data, whether consumer data or operation data. Data plactis, such as data, vaccinations, and desig n-based privacy, enhances the absolute security necessary to succeed in many types of these products. For example, regarding entry and exit management systems and video systems, functions such as encryption, permission access, distributed data storage, peak device processing, auditing function, data deletion schedule, etc. are being used. It restricts the possibility of data that may be done and plays a role in limiting the usefulness of data when leaked. < SPAN> Third, a powerful management measure is introduced so that only the person who should access the data can actually access the data. Fourth, use a powerful authentication method including mult i-factor authentication. Fifth, examine how to use the technology to strengthen privacy, and standardize it in the long term. Sixth, to regularly evaluate and relax data security vulnerabilities. You may have heard from other reference people. Although there is no perfect data security, these common sense best practices should be the requirements of federal law and should be flexibly implemented in consideration of different corporate size and technical abilities. In conclusion, data protection is consumer protection, requiring responsible data management, and a domestic law that gives incentives. I would like to thank you again for the opportunity to testify by this small committee. We look forward to your question.
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
thank you very much. Then, please Parker. I forgot, you are a senior director of the Security Industry Association. Thank you for gathering.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
Hicken looper, Blackburn, good evening. Thank you for having the opportunity to participate in today's hearing. Jake Parker of the Security Industry Association. This organization is a no n-profit organization that represents more than 1, 500 companies that provide products that protect the United States, assets, companies, schools, and important infrastructure. Therefore, data security is essential for the operation of security systems and services, and members of the Association are working to protect personal data, whether consumer data or operation data. Data plactis, such as data, vaccinations, and desig n-based privacy, enhances the absolute security necessary to succeed in many types of these products. For example, regarding entry and exit management systems and video systems, functions such as encryption, permission access, distributed data storage, peak device processing, auditing function, data deletion schedule, etc. are being used. It restricts the possibility of data that may be done and plays a role in limiting the usefulness of data when leaked. Third, a powerful management measure will be introduced so that only the person who should access the data can actually access the data. Fourth, use a powerful authentication method including mult i-factor authentication. Fifth, examine how to use the technology to strengthen privacy, and standardize it in the long term. Sixth, to regularly evaluate and relax data security vulnerabilities. You may have heard from other reference people. Although there is no perfect data security, these common sense best practices should be the requirements of federal law and should be flexibly implemented in consideration of different corporate size and technical abilities. In conclusion, data protection is consumer protection, requiring responsible data management, and a domestic law that gives incentives. I would like to thank you again for the opportunity to testify by this small committee. We look forward to your question.
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
Jake Parker:
The following is a record of the hearing.
Another example is that as the attacker becomes more sophisticated, we provide mult i-factor authentication and remote authentication services that are becoming indispensable to prevent theft of personal information in fraud. These advanced technologies provided by the industry, especially biometrics, provide more reliable certifications while reducing passwords and other personal information exposure that are easily abused by ID theft and cyber hackers. As I heard from other reference people, the threat to data security is very serious and rapid, and it is necessary to deal with technical standards, product functions, best practices, and security tools. With the right public policy, you can deal with privacy and data security. And it has an important role in public policy. Colorado, Texas, Tennessee, and when I counted by the end of this month, the company has established a comprehensive privacy and data security method that covers more than 160 million Americans, nearly half of the population. The state of the state is 19 in total.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
However, having unified state standards can strengthen data security and at the same time, can bring more profits to companies and consumers, and the national standard is supported by our members. We are paying attention to new discussions in parliament on the formulation of such standards, and we are encouraging to see the progress. It is important that the necessary data for safety and security will continue to be used. For example, our members and their customers are often informed of alarms and emergencies first, and having appropriate data is in places needed as quickly as possible by law execution organizations and other responders. Useful to arrive. Also, as I mentioned earlier, many technologies are used to achieve the goals of drafts considered in Chapter 9. Therefore, in order to have unified and executable state standards, states and regions need to be strongly preempted to avoid additional requirements. Another example is that as the attacker becomes more sophisticated, we provide mult i-factor authentication and remote authentication services that are becoming indispensable to prevent theft of personal information in fraud. These advanced technologies provided by the industry, especially biometrics, provide more reliable certifications while reducing passwords and other personal information exposure that are easily abused by ID theft and cyber hackers. As I heard from other reference people, the threat to data security is very serious and rapid, and it is necessary to deal with technical standards, product functions, best practices, and security tools. With the right public policy, you can deal with privacy and data security. And it has an important role in public policy. Colorado, Texas, Tennessee, and when I counted by the end of this month, the company has established a comprehensive privacy and data security method that covers more than 160 million Americans, nearly half of the population. The state of the state is 19 in total.
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
This is really important for our industry. It is also necessary to reduce the risk of da y-watching complaints, as seen in several judicial jurisdictions regarding privacy issues. Therefore, through the holding of this hearing, through the Data Privacy Advisory Committee and the Cyber Security Advisory Committee, we provide important resources in the industry, especially in the industry, and do our best to adopt and encourage the best practices. Thank you for your leadership and emphasis on data security as an organization. I look forward to continuing to cooperate with you on behalf of SIA and members.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
Thank you for coming here. I understand how busy you are, and there is no choice but to sacrifice. Share your information, wisdom and data with us. First of all, from Tribededi. Lincoln's famous words say, "If there is a national sentiment, nothing will fail, and without it, nothing will be successful." Several states have their own laws, and the laws will soon be enacted in 19 states. About the types of data that companies can collect, how to provide information to consumers, and the protection of consumers. With a clear consistent rule, I think companies can compete more fairly. I think that is basically important, especially for SMEs. So, Vedi, how do you think the national standard of data minimizes and data security will eventually bring your customers and their privacy?
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
John Hicken Looper Senator (Democratic Party):
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
Prem Trivededy This is really important for our industry. It is also necessary to reduce the risk of da y-watching complaints, as seen in several judicial jurisdictions regarding privacy issues. Therefore, through the holding of this hearing, through the Data Privacy Advisory Committee and the Cyber Security Advisory Committee, we provide important resources in the industry, especially in the industry, and do our best to adopt and encourage the best practices. Thank you for your leadership and emphasis on data security as an organization. I look forward to continuing to cooperate with you on behalf of SIA and members.
The privacy and minimization of data can be regarded as the principle of security.
Thank you for coming here. I understand how busy you are, and there is no choice but to sacrifice. Share your information, wisdom and data with us. First of all, from Tribededi. Lincoln's famous words say, "If there is a national sentiment, nothing will fail, and without it, nothing will be successful." Several states have their own laws, and the laws will soon be enacted in 19 states. About the types of data that companies can collect, how to provide information to consumers, and the protection of consumers. With a clear consistent rule, I think companies can compete more fairly. I think that is basically important, especially for SMEs. So, Vedi, how do you think the national standard of data minimizes and data security will eventually bring your customers and their privacy?
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
That puts consumers at risk. And it's also a risk for businesses. So I think a common data minimization approach and a data security approach at the federal level would help these companies be responsible data stewards.
The debate extends to the complexity of cyber threats, such as phishing attacks generated by AI and national hacking campaign. March 8, 2024: A reference person gathering at the U. S. Senate Committee Russell 253 for a hearing on data privacy enhancement.
The following is a record of the hearing.
Senator John Hickenlooper (Democrat): Thank you for your question, President Hickenlooper. First of all, I want to say that Americans know that their data is the most sensitive aspect of their lives, and that's why they want strong protections for that data. And as you say, a national standard would not only give equal protection to all Americans, but it would give uniform expectations to all companies. Because the data privacy and security legal system in the United States is fragmented, which makes consumers more vulnerable. I think it's particularly burdensome for small businesses, because they have to develop complex compliance programs that address a patchwork of states, and there are no clear national rules. And to add to your question about small businesses, many of them don't want to collect as much data as possible to run their business. But because there's no sort of national standard that's reliable, robust, and flexible, I think they feel like they're at a competitive disadvantage if they don't collect as much data as possible.
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
Senator John Hickenlooper (Democrat):
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Sam Kaplan:
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
John Hicken Looper Senator (Democratic Party):
The privacy and minimization of data can be regarded as the principle of security.
Senator Masha Blackburn (elected Tennessee):
All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
[...]
The privacy and minimization of data can be regarded as the principle of security.
[...]
All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
James Lee < Span> All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
The privacy and minimization of data can be regarded as the principle of security.
Some of them will be later. In such a hearing, you will be warned of some open doors, which will activate your trading activities. Ask a question to the Vic e-Chair Senator Blackburn.
All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
Thank you for your testimony. I want to start with GDPR. As I mentioned in the opening greeting, do you participate in the EU in some way? Please raise your hand. OK. They are Trivedi. [...]
The privacy and minimization of data can be regarded as the principle of security.
[...]
All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
Lee is the same. As I mentioned earlier, we know that the EU's friends have done a little too much, but companies have already introduced these protocols to meet the GDPR standards. So, if you can see what they have done, you can see that there are laws in Canada, New Zealand has a law, and Australia has a law to protect all the people in virtual space. Lee, what should I learn from GDPR experience and what should I learn? I would like to ask for a short time so that I can easily ask questions.
The privacy and minimization of data can be regarded as the principle of security.
John Hicken Looper Senator (Democratic Party):
All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
Senator Masha Blackburn (elected Tennessee):
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
[...]
All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
[...]
The following is a record of the hearing.
James Lee
All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
Senator Masha Blackburn (elected Tennessee):
The following is a record of the hearing.
Sam Kaplan:
All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
Senator Masha Blackburn (elected Tennessee):
The following is a record of the hearing.
Sam Kaplan
All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
Senator Masha Blackburn (elected Tennessee):
The following is a record of the hearing.
This is Prem Trivededy:
All vulnerabilities should be taken seriously in accordance with this spirit. However, as a particularly troublesome vulnerability, we focused on vulnerabilities called remote desktop protocols (RDP). In particular, if this vulnerability is misused, threat actors and attackers will be able to easily access dee p-level administrator privileges on the victim system, making it possible to enter better and faster data. Masu. These RDP vulnerabilities will unlock the kingdom. For this reason, it is particularly difficult for us to be more clever to the Company, which is particularly concerned about la y-ized defense and zer o-trust architecture, as much as possible, as much as possible. It is to do.
Senator Masha Blackburn (elected Tennessee):
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Senator Masha Blackburn (elected Tennessee):
The mechanism of the evaluation report is correct. Kaplan.
The following is a record of the hearing.
Thank you, Senator. That's a great question. Speaking of macr o-level, the complexity of single standardized regulations that spans multiple markets only increase costs. From a cyber security perspective, resources and resources that are used for incidents should be used for incidents, rather than examining regulation compliance.
The mechanism of the evaluation report is correct. Kaplan.
As I say, it requires a series of rules by one regulatory authorities for the entire Internet ecosystem.
The privacy and minimization of data can be regarded as the principle of security.
One of the features is the reduction of prediction potential and regulation complexity.
The mechanism of the evaluation report is correct. Kaplan.
Triveded, is it delicious?
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
Senator, thank you for your question. I think the first lesson is to move quickly to demonstrate the single standard that you have emphasized. This is what we should emulate. GDPR did not have enough strength to minimize data, but I think the system we are working on in the United States will be better. I think GDPR is definitely giving the company the authority to determine the meaning of minimization. And I think it should be a kind of rationality and flexibility, and I think it is necessary to have a strong and flexible approach, but I think there is an opportunity to act in the United States that works for us. Masu.
The mechanism of the evaluation report is correct. Kaplan.
Jake Parker: I think it's right to deal with the more technical aspects of preparing the necessary programs and confirming that they are facing the risk they are facing. It is not necessarily standard, but it is necessary to evaluate and report, and if there is a data leak, it is necessary to report it to the country's data authorities.
The privacy and minimization of data can be regarded as the principle of security.
The mechanism of the evaluation report is correct. Kaplan.
The mechanism of the evaluation report is correct. Kaplan.
Thank you, Senator. That's a great question. Speaking of macr o-level, the complexity of single standardized regulations that spans multiple markets only increase costs. From a cyber security perspective, resources and resources that are used for incidents should be used for incidents, rather than examining regulation compliance.
The privacy and minimization of data can be regarded as the principle of security.
As I say, it requires a series of rules by one regulatory authorities for the entire Internet ecosystem.
The mechanism of the evaluation report is correct. Kaplan.
One of the features is the reduction of prediction potential and regulation complexity.
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Triveded, is it delicious?
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
Senator, thank you for your question. I think the first lesson is to move quickly to demonstrate the single standard that you have emphasized. This is what we should emulate. GDPR did not have enough strength to minimize data, but I think the system we are working on in the United States will be better. I think GDPR is definitely giving the company the authority to determine the meaning of minimization. And I think it should be a kind of rationality and flexibility, and I think it is necessary to have a strong and flexible approach, but I think there is an opportunity to act in the United States that works for us. Masu.
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Jake Parker
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
Senator Masha Blackburn (elected Tennessee):
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
James Lee
The privacy and minimization of data can be regarded as the principle of security.
Senator Masha Blackburn (elected Tennessee):
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
James Lee
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
I agree. As you said, data leakage is a fuel that leads to Capran.
The following is a record of the hearing.
Senator: From a macro perspective, minimizing data is an increasingly useful principle for companies that handle consume r-centered data to reduce the target area. To do so, we believe that the minimum tools can be an important tool, although it is legal, wide, not wide, and tolerant of information protection. Like
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Do you classify?
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
Senator Masha Blackburn (elected Tennessee):
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Prem Trivededy: < SPAN> Focusing on rationality, proportionalness, and consent is very similar to many states. In other words, these two have something in common, but it is a bit different from the federa l-level proposal you are talking about. However, according to what I have heard, the interpretation of data protection authorities in each country in the EU has become a problem, causing problems in companies that are active in the EU and in different laws.
The privacy and minimization of data can be regarded as the principle of security.
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
James Lee
I think it should be indispensable. In order to reduce ID crimes, it is necessary to reduce the victims. It is necessary to reduce the supply of data that can be abused by individuals, even if it is stolen or leaked by accident. Without it, you can't expose. it is...
Senator Masha Blackburn (elected Tennessee):
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
James Lee
I think it should be indispensable. In order to reduce ID crimes, it is necessary to reduce the victims. It is necessary to reduce the supply of data that can be abused by individuals, even if it is stolen or leaked by accident. Without it, you can't expose. it is...
I agree. As you said, data leakage is a fuel that leads to Capran.
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
Senator: From a macro perspective, minimizing data is an increasingly useful principle for companies that handle consume r-centered data to reduce the target area. To do so, we believe that the minimum tools can be an important tool, although it is legal, wide, not wide, and tolerant of information protection. Like
I think it should be indispensable. In order to reduce ID crimes, it is necessary to reduce the victims. It is necessary to reduce the supply of data that can be abused by individuals, even if it is stolen or leaked by accident. Without it, you can't expose. it is...
Do you classify?
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
Senator Masha Blackburn (elected Tennessee):
I think it should be indispensable. In order to reduce ID crimes, it is necessary to reduce the victims. It is necessary to reduce the supply of data that can be abused by individuals, even if it is stolen or leaked by accident. Without it, you can't expose. it is...
Prem Tribededi: The point of rationality, proportional, and consent is very similar to many states that many states have already done. In other words, these two have something in common, but it is a bit different from the federa l-level proposal you are talking about. However, according to what I have heard, the interpretation of data protection authorities in each country in the EU has become a problem, causing problems in companies that are active in the EU and in different laws.
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
And digital marketing and digital services, several other fields, overlap there. I would like to ask Mr. Lee about the minimization of data. What do you think about minimizing data as a principle of security in this discussion?
I think it should be indispensable. In order to reduce ID crimes, it is necessary to reduce the victims. It is necessary to reduce the supply of data that can be abused by individuals, even if it is stolen or leaked by accident. Without it, you can't expose. it is...
I think it should be indispensable. In order to reduce ID crimes, it is necessary to reduce the victims. It is necessary to reduce the supply of data that can be abused by individuals, even if it is stolen or leaked by accident. Without it, you can't expose. it is...
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
That is how to connect these two.
The privacy and minimization of data can be regarded as the principle of security.
Senator Masha Blackburn (elected Tennessee):
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Sam Kaplan
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
Senator Masha Blackburn (elected Tennessee):
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Sam Kaplan
The proposed privacy rights (APRA) was praised, but was concerned about the preliminary and unintended results.
Well. Mr. Trivegi
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Thank you. Data minimization is an essential part of data security. If you only collect what you need, you reduce your attack surface. Again, you can't exploit or hack something that doesn't exist in the first place.
The following is a record of the hearing.
Mr. Parker, can I?
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
Well, so there's a little bit of a difference between data minimization as an operational principle and as a policy principle. I mean, it certainly plays a big role in data security from an operational standpoint, certainly from a policy standpoint. I think a general approach of having a number of permissible purposes for data collection and processing would certainly be useful. But there's also the question of what we're going to do with that going forward. Will it be in the future, very narrow, to cover what we need now? These are all legitimate questions, but it's certainly an interesting approach.
By 2030, China plans to enhance larg e-scale surveillance nations with AI, and to collect and hold data at the center of the strategy. At the same time, in the United States, AI technology is becoming more and more linked to our daily lives, and consumers are legitimate how their data is used for training these large language models and AI applications. I have a question. Today, I would like to discuss why the federal privacy and security laws are needed to fight such threats. Second, parliament has passed a dangerous stage to sow power in both state and other countries. As is well known, the state government has rapidly enacted privacy laws and has created patchwork for regulations that can be a headache for our business. There are such laws in Tennessee and Coloradado, and European countries have also punched us. A few years ago, GDPR was enforced, and now GDPR is used as a foundation for AI. < SPAN> In 2012, we were there. And now, as we know, this problem has not been dealt with and has not been solved, so taking measures is increasing every day. The need for a quick and effective privacy and data security law is urgent for some reasons. First, the momentum of China and other malicious traders does not stop. By the way, Christopher Ray FBi attended the judicial committee meeting and stated very important. If you are an adult in the United States, it is highly likely that China has stolen personal data. He also stated that China's larg e-scale hacking program is the largest in the world, stealing more American personal data and business data than any other country. We need to pay attention to this. Now that China is about to become a world leader in artificial intelligence, the threat is particularly large.
Big. Can I ask you something? Of course. Peter's here. So I'm not watching. Go to him. I have something else I want to ask you.
Jake Parker, Senior Director in charge of Security Industry Association Government (writing testimony)
We also have Senator Klobuchar. Ask me a question.
Authors
Senator Marsha Blackburn (R-TN):