by number-sequence
2760 days ago
I agree with the idea that fines based on the number of users affected make a lot of sense. One question I have is how would you propose that number be calculated? In truth, I think the company whose data has been leaked should know exactly how many records have been leaked, but per-individual based fines create an incentive for them to underreport this number. Do you think that’s a problem, and if so, is there a good answer for how society could get an honest answer as to how many individuals are affected in a breach?

As a percentage of worldwide revenue on a sliding scale.

> In truth, I think the company whose data has been leaked should know exactly how many records have been leaked, but per-individual based fines create an incentive for them to underreport this number.

Very true, so triple damages for wilful underreporting and/or criminal sanctions for individuals.