by pmc1 3107 days ago
> If you have a breach of data, your tax goes up for a period of 10 years.

You do know it is impossible to thwart all data breaches, right? You can have the most sophisticated security system created and zero-day attacks are still bound to occur. Data breaches occur without the companies themselves even knowing they took place... Geniuses are on the offensive side, if they want in, they will get in. No company in the right mind would agree to pay a tax when the inevitable happens. Just my 0.02

3 comments

> You do know it is impossible to thwart all data breaches, right?

False. No system, no breach. No data stored, no possibility to lose it. Accept the liability for having the data or don't have it.

If you can't keep the data secret, then maybe don't store data worth stealing. Yeah, breaches will always occur, but this data shouldn't have been piled up in the first place.

> You do know it is impossible to thwart all data breaches, right?

As RcouF1uZ4gsC's proposal contains measures to be taken when it happens, I strongly suspect that he does, in fact, know that.

> Zero-day attacks are still bound to occur... Geniuses are on the offensive side.

Most of the breaches have required neither of these. The goal is to improve the practice of security to the point where the only successful attacks would require both.

> No company in the right mind would agree to pay a tax when the inevitable happens.

You have a very unconventional idea of how companies generally operate.

> I strongly suspect that he does, in fact, know that.

His proposals imply that he does not in fact realize that zero-day attacks occur. Negligence is one thing, but having state-of-the-art security systems and still being punished for a breach is another thing. A state-sponsored group with enough time and money can repeatedly infiltrate a system. A tax certainly won't solve the problem.

I think you're missing the point entirely.

If your business is such that a tax penalty on a breach would make you no longer able to afford to do business, then you have two options:

1) don't store the data in the first place - your risk now goes to 0
2) scrap your business plan, as the cost of holding the data given the impossibility of preventing every breach is greater than the economic value it would generate

Today you don't have to really think about what the cost of losing the data is because your portion of it is 0. That's stupid. It's like every startup deciding to include a new type of coffee machine that includes a small nuclear reactor - sure, we can't prevent all possible disaster scenarios, but the marketing people and data people REALLY LIKE having this type of coffee available, and the government isn't giving us any reason NOT to have it, so why not?!

So if a tax either makes you put money aside to account for the risk, or shuts down a bunch of frivolous examples of personal data collection, it's solved a huge part of the problem.

You are using rare, worst-case events to, in effect, excuse the currently abysmal state of security. When we have reached the point where zero-days account for almost all the remaining successful attacks, we can revisit the question.