[pavel_lishin]

> if holding personal information was a big liability in the event of a leak, it would be prudent to keep as little as possible.

But this kills the social network, and the cloud photo app, and a lot of other businesses.

edit: nevermind, I think I misunderstood the suggestion. kardos's reply makes a lot of sense.

[kardos]

Not at all. People can opt-in and send their own photos, holding that data would be kosher. Holding photos of those who did not opt in, or those who explicitly opted out, would be where the liability comes in.

If we can penalize people for possessing some kinds of data (pirated software, movies, etc) in the name of defending someone else's copyright, or for not decrypting things, it can also be done in defence of personal privacy.

[tomc1985]

Good!

Or perhaps it would result in only the companies that need that data actually holding it, and doing so with care. I would love to see a big nasty liability poison pill attached to PII