At a glance.
- Arkansas establishes a minimum age requirement for social media users.
- State-level digital safety laws.
- Implications of SEC cybersecurity rules for CISOs.
Arkansas establishes a minimum age requirement for social media users.
CNN reports that Sarah Huckabee Sanders, the Governor of the US state of Arkansas, has signed a bill requiring social media sites to verify a user’s age and if they are under 18, require consent of a parent or legal guardian. This follows a related bill passed last month in Utah that comes after widespread criticisms of social media access and impacts continue to mount. This bill raises some concerns, as verification is said to be done via a legal form of identification, and may infringe on the rights of the younger users. “While social media can be a great tool and a wonderful resource, it can have a massive negative impact on our kids,” said Sanders at a press conference prior to the bill’s signing.
State-level digital safety laws.
Following the passage of Utah’s internet safety bill, and the proposal of internet child-safety bills in other states, such as Maryland and California, the jury is out if parental oversight is a good idea or bad idea. Politico shares that privacy groups and advocates for children’s mental health are averse to the idea, as this attempt to protect children from online dangers may create harm in their own respect. “That means that a child couldn’t privately discuss sexual abuse with friends online, they couldn’t privately discuss reproductive rights or abortion access,” said Jason Kelley, an associate director at the digital rights group Electronic Frontier Foundation. “They couldn’t even really speak out about parental abuse with their friends online because their parents could see it.” These policies seem to remain on the state level for now, but last year’s federal Kids Online Safety Act that failed passage is anticipated to be reintroduced. No parental monitoring requirements are mentioned in the federal bill, however.
Implications of SEC cybersecurity rules for CISOs.
The US Securities and Exchange Commission (SEC) in March proposed new rules for cyber risk management that include acknowledging strategy, governance, and incident disclosure. Contrast Security reports that one part of the rule, specifically addresses cybersecurity company leadership, such as Chief Information Security Officers (CISOs), and disclosure, saying “soon we’ll see required public disclosure of director experience in cybersecurity and risk oversight practices.” This will help fill what the firm called “CISO-sized holes” in the boardrooms of many organizations, as cybersecurity has often taken a backseat for executives. This rule’s implementation may begin what some have coined the “liability regime” at the hands of the SEC, as responsibility for cybersecurity and protections will fall on companies and firms, and will hold organizations accountable for their own cyber practices, says Contrast Security.
The SEC rule requires directors with expertise on the board, the disclosure of government and oversight practices, and cyber incident details. Only barely over half of Fortune 100 companies (51%) reportedly have a director with an applicable cybersecurity background, says Forbes Technology Councilmember, Brian Walker, and the number shrinks even further at the Fortune 200 and 500 level, dropping to a jarring nine percent.