by mrobins 981 days ago
$75k. Tell me the government doesn’t take privacy seriously without telling me that government doesn’t take privacy seriously.

> Three weeks ago, genetic testing firm 1Health.io agreed to pay the Federal Trade Commission (FTC) a $75,000 fine to resolve allegations that it failed to secure sensitive genetic and health data, retroactively overhauled its privacy policy without notifying and obtaining consent from customers whose data it had obtained, and tricked customers about their ability to delete their data.


I already find the narcissistic "welcome to you" message on the package inducing of extensive amounts of vomit. And then they only get $75k for this? I want them to go DOWN.
The FTC takes the its_not_about_the_money.jpg meme very seriously.
We’re not actually seeing the kinds of boogeymen people like to trot out when this kind of data is leaked. Nobody is conducting banned genetic research, nobody’s insurance rates are going up, nobody is getting ethnically cleansed as a result of this info…

A few stolen identities, some bank fraud, but largely the systems in place can handle it. It’s caught at the other end.

If you want big fines, prove big consequences.

A single stolen identity can cause years of emotional harm and turmoil. Someone’s life is often completely uprooted from this. That one person alone should receive significantly more than $75k.
A single car accident can end a life, yet we drive cars. The value gained by technology like 23andme vastly outweighs the cost of some occasional negligence or theoretical harm.

Besides, if you can find a specific person who was specifically harmed by this exact breach, I bet you could sue for damages, and get more than $75k.

If I significantly harm someone with my car, even unintentionally, I do in fact get sued successfully for far more than $75k.
Which is my point; there's no "significantly harm" here at a large scale, and if there is one at an individual scale, that person can sue.

The $75k fine is exactly proportional to the complete lack of concrete harm done. Nobody gets fined for cars existing.

Capitalism being backwards as usual. If we really take privacy seriously we should fund them $75K to fix their privacy problems.

If you take away $75K from their engineering budget they will only do a worse job, and more data will leak.

I'm just going to do my monthly HN login to say, and possibly skirt ethics here because your comment truly deserves it, that this is the dumbest thing I've read on here in a long time. I can't tell if this comment is satire or being real.
That sounds like a good way to ensure monthly data leaks.
What? No. If we really take privacy seriously, we might consider giving them a discount on their use of our genetic data once they have shown responsible care in handling that data -- similar to how no-claim bonuses work in insurance.
Wouldn't this incentivize insecure practices and bad practices so they can get 75k? Wouldn't that be the effect, everyone tries to do as little as possible until they get paid?
That's a fairly unconventional approach. Not a subscriber to traditional incentives-drive-behaviours theories I guess?
Err, no. If you give them $75k then everyone else will be incentivised to leak data so they too can get a free $75k.
I wouldn't. If I leaked data due to an honest coding bug and someone gave me $75K with even a handshake agreement to put it towards fixing the problem, I would put 100% of that money towards fixing the problem. That's my moral standard: if money comes with even a verbal agreement to put it towards a certain purpose, I either honor that purpose or don't take the money.

If they took away $75K I might be forced to lay off someone, possibly one who could have fixed the problem.

Capitalism brings abundant choices. Many or most people don't care enough to protect themselves by choosing differently.
$75000 is a lot less than buying even 1 security expert. It's just the cost of doing business if you don't charge them some substantial % of their revenue for a year. Say 20% - 50%. It has to sting or there will be no change in their processes.
And if fined $75000 the first thing they would do is lay off that security expert.

Provide the security expert to them at no cost, taxpayer funded, as a collective effort to stop identity leaks.