by evervevdww221 3013 days ago
What if this law is abused as a tactic to attack business competitors? Why would that happen?

> For example, Business A has a competitor startup B who has less resources to hire security consultant. Business A hence hired person C to register the service provided by B with a weak password and hire D to breach C's account. C claims that he has been hacked, so he brings startup B to court. B goes bankrupt because it runs out of money to hire lawyers.

You use your knowledge or regulation to read and make decisions. If you don't have the required experience,

> How do I know I have the required experience (what experience is required is not stated in the regulation text)? I know MD5 is insecure and that you need salting on passwords. I'm a self-taught, garage-based entrepreneur with $1000 in my bank to either buy food or hire a consultant; is that the required experience?


> B goes bankrupt because it runs out of money to hire lawyers.

Right, that's like any other malicious lawsuit – i.e. this is totally irrelevant.

> I'm a self-taught, garage-based entrepreneur with $1000 in my bank to either buy food or hire a consultant; is that the required experience?

Yes. If you don't have the knowledge or resources to correctly comply with the appropriate regulation, then you should not be operating in that space. "I didn't know that I needed to keep raw and cooked meat separate" would not be a valid excuse in food prep; why would "I didn't know I needed to use a secure hash" be a valid excuse for an engineer?

Food safety standards are a concrete set of rules that are trivially captured in training for low-wage, low-literacy, high-turnover workers. Restaurants do not need to hire specialist lawyers to guess at how the courts might interpret them. This analogy is completely inappropriate.

Food safety standards are actually a good example of how laws don't include specifics like "keep raw and cooked meat separate".

For example, the FDA Food Safety and Modernization Act[1] doesn't include specifics about how food should be handled. It specifies some areas where the FDA is supposed to issue rules and then the FDA makes rules based on the authority that the law gives it.

GDPR has Data Protection Offices that issue more specific guidance about how to comply. For instance, the UK Data Protection Office issued this guidance[2] about how to prepare for GDPR.

[1] https://www.fda.gov/NewsEvents/PublicHealthFocus/ucm239907.h...

[2] https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-s...

So just set the bar of compliance to start any company at several hundred thousand dollars (which is pretty much where it is) and you get the lovely contemporary effect of 40-year lows in new business creation[1][2].

There are active, observable, and semi-quantifiable costs to society when lawmakers create arcane, incomprehensible laws meant to prevent entry into markets by making the barrier of compliance too high for most people to afford to compete.

[1] http://money.cnn.com/2016/09/08/news/economy/us-startups-nea...

[2] https://www.washingtonpost.com/news/on-small-business/wp/201...

The GDPR is not arcane or incomprehensible. It’s quite simple, there are a million explanations out there about how to comply, and even in the case you don’t get it right regulators will invariably give you the benefit of the doubt.

Many things might cause low levels of business creation. I am entirely unconvinced that the cost of regulation is one of them.