There’s endless troves of consumer data online, posing a potential cybersecurity risk due to its availability via breaches and the vast commercial data broker market.

Even as laws in other regions like the European Union have grown more strict, however, the US lacks a federal privacy law—and one doesn’t seem to be coming anytime soon, nor is relief necessarily in sight from regulators.

In December, the Consumer Financial Protection Bureau (CFPB) officially proposed rules that would impose limits on the sale of certain financial data and other personal identifiers like Social Security numbers. The rule may never go into effect under the inbound Trump administration, however, which has struck a generally hostile stance towards the CFPB and other regulators and reportedly is looking into ways to change the agency’s mission.

The data landscape

The consumer data market is the Wild West outside of certain protected categories like health records or very sensitive financial information, the CEOs of two data removal firms told IT Brew. Data collection is more or less omnipresent on the commercial web, and even those consumers who actively try to protect their data are mostly limited to privacy tools and takedown requests directed to the brokers that most visibly market on search engines like Google.

“Utilization of our data is far, far more vast than I think anybody realizes, even if people think they know,” Lawrence Gentilello, founder and CEO of Optery, told IT Brew. “It’s probably 100 times more—just the proliferation of different players involved, the different types of companies that purchase and use data.”

Read the rest here.—TM

If there’s a breach in the news and you’re worried about leaked credentials, who ya gonna call? Have I Been Pwned creator Troy Hunt, most likely.

For the past 11 years, Hunt, an Australian security researcher, has dedicated his time to running one of the most well-known online data breach notification services on the internet. While some may think that Hunt—who has logged over 845 breaches and upward of 14.5 billion “pwned” accounts on his website—may be desensitized to the breaches occurring these days, he told IT Brew that that is not often the case.

“It’s always a little bit exciting because it’s like a bit of a puzzle,” Hunt said.

IT Brew caught up with Hunt to discuss what it’s like running the 11-year-old breach website.

The conversation below has been edited for length and clarity.

What does the vetting process look like when you are trying to decide which data makes it onto the website?

There’s a combination of things. First of all, every data breach that comes to me, I’ve got to verify it and make sure it’s legitimate. Take a look at the 10 most recent breaches that are here on the website at the moment. Each one of those, I’ve had to go through and establish with sufficient confidence that this is actually a breach of that service. And then, in many cases, I’ve had to try and get in touch with the organization to disclose it. That’s the continual process I go through: spending time either trying to get in touch with an organization or very often, trying to encourage an organization to disclose because many of them just want to suppress and cover it up and that happens all the time.

Read more here.—BM

The Biden administration wants to find just the right place for your gigawatt-scale data center.

In an executive order announced Tuesday, President Biden empowered the Department of Defense (DOD) and Department of Energy (DOE) to lease land for AI infrastructure like giant data-storage facilities and clean-power sources.

The effort, according to the statement, will help to “prevent America from growing dependent on other countries to access powerful AI tools.”

Delete! The Washington Post reported in October how places like Fort Worth, Texas, and Fayette County, Georgia, have resisted the potentially loud, obstructive arrival of data centers, and local officials in areas like Northern Virginia and Atlanta have expressed concern about electricity and water demands imposed on infrastructure.

The White House said the DOD and DOE’s chosen locations for private-sector bids will be based on “accessibility to high-capacity transmission infrastructure and minimized adverse effects on communities, the natural environment, and commercial resources.”

Selected developers will also be required, under the directive, to deploy “sufficient” clean-energy generators to match electricity needs. (While the statement mentioned “small nuclear reactors” as one example, here’s a DOE list of clean-energy types.)

Developers will be required “to pay all costs of building and operating AI infrastructure so that this development does not raise electricity prices for consumers,” the statement said, and agencies will study data center impacts on electricity prices.

Keep reading here.—BH