When browsing for a restaurant, a wide range of tools are available to the diner to identify their potential experience, such as a restaurant’s letter grade from the health inspector. When it comes to cybersecurity practices and the safety of an individual’s personal data, however, these tools can be hard to come by at a consumer level.
Writing for the New York Times, Craig A. Newman, partner and chair of the privacy practice at Patterson Belknap Webb & Tyler LLP, proposes that the public grading system used for restaurants’ health practices be used as an example for other industries to give people the same opportunity to protect their data. While existing metrics are available, Newman notes that they are often voluntary and limited in scope, pointing to the National Institute of Standards and Technology framework which, although comprehensive in nature, was only even mentioned by seven Fortune 500 companies in their filings.
While developing such a system would likely be a complex process, Newman notes any such public system of cybersecurity rankings would require one critical condition: that the assigned letter grades must both be public and prominently displayed, so that consumers are able to make informed decisions as to the risks to their personal information when engaging with these companies.
Source:
https://www.nytimes.com/2018/04/11/business/dealbook/corporate-america-cybersecurity.html
