Study Reveals the Worst State for Online Privacy
With Yellowstone National Park, a thriving cowboy culture, and low levels of crime and pollution, Wyoming is well worth a visit, but the state's approach to protecting online privacy might dissuade some people from taking up residence.
Researchers evaluated each US state based on 20 key criteria, ranging from laws that govern how companies can use and disclose customer data to those that protect specific groups of people, including journalists, children, and employees.
Wyoming was found to meet just one of the 20 key criteria, which was that laws were in place to protect K–12 student information, such as grades and attendance records.
The Equality State stood out particularly for the lack of protection it offers journalists.
Researchers wrote: "While not all states have shield laws to protect journalists from exposing their sources, Wyoming is the only state that doesn’t even have a court precedent for doing so."
Wyoming's approach to protecting online privacy in the workplace in general wasn't great, with researchers noting that "companies are not required to dispose of users’ personal data after a set period of time, and employers are not barred from forcing employees to hand over passwords to social media accounts."
Idaho, Iowa, Pennsylvania, and Mississippi also fared badly in the study, with each of them meeting just 10% of the key online privacy criteria. In all of these states, companies and the government can retain users' personal data indefinitely without consequence.
Social media profiles are not protected from employers or schools under the law in Iowa, Pennsylvania, and Idaho.
At the other end of the scale, California met 75% of the online privacy key criteria and was the only state to mention an inalienable right to privacy in its state constitution.
The Sunshine State was also the only state to enact a law offering protection specifically to data gathered from the Internet-of-Things (IoT). The new law, which protects such data by ensuring manufacturers equip devices with appropriate security features, was passed in September 2018 and will go into effect in January 2020.
Source: Information Security Magazine