As legalized sports betting in the U.S. continues to grow, so does concern about the security of personal data and privacy protection. Expert Scott Pink took some time to answer a few questions for USBettingReport.com on the security and privacy concerns involved in wagering on sports.
About Scott Pink
Scott Pink is a special counsel in the Silicon Valley office of O’Melveny & Myers, with a well-rounded practice that spans intellectual property, marketing and advertising compliance, business transactions, and data security and privacy. He formerly served as general counsel for a leading media company. Pink has directed numerous privacy and security compliance initiatives for clients, who include companies in media and entertainment, technology, consumer products and franchising. He can be reached at [email protected]
When it comes to legalized U.S. sports online mobile betting, how can app users find comfort in knowing that their personal data is secure?
PINK: App users should make sure they use strong passwords and login IDs, and change them frequently. They should only deal with companies that are licensed and regulated, as they are more likely to have robust security programs.
What are companies in this market doing to stay compliant with federal and state data privacy law?
PINK: Companies should have internal data privacy and security teams dedicated to regulatory compliance. They are working with privacy counsel to help them understand the evolving legal requirements. This is an area that requires constant monitoring and vigilance, including making sure that you continually review and update your technology against new threats.
How has technology been both helpful and hurtful when it comes to online privacy?
PINK: Technology has made online transactions much easier to conduct, which has been beneficial to users and the economy as a whole. However, at the same time, it has allowed for tremendous amounts of personal data to be collected and stored in locations that users don’t always control, which creates a higher risk of it being compromised. Security is a constant battle between the operators that use a variety of technologies to protect user data and the hackers and infiltrators that also use sophisticated technologies to attack the operators.
What security measures must operators have in place to protect bettors against incidents of personal information being compromised? Has this changed as more states begin to offer legalized sports betting within their jurisdictions?
PINK: Bettors should be required to have strong passwords and IDs for their account and required to change them periodically. Operators should also consider using multi-factor authentication to limit the possibility of unauthorized access. There should be procedures set up that detail the company’s information security, incident response, disaster recovery and data management. It is also important to have periodic training of employees so that they properly manage personal data and don’t fall victim to phishing and other attacks.
What processes do operators have to adhere to for dealing with and reporting such incidents should they occur?
PINK: All states have security breach disclosure laws that generally require notification of affected individuals and, in some cases, government authorities, if there is a breach involving certain kinds of personal data (usually name plus other identifying information such as a Social Security number, driver’s license, credit card, or online account and password). Operators should have an incident response plan in place that will assist them in complying with these requirements.