by gehwartzen 106 days ago
At this point I get about 1-2 emails a year telling me some company has exposed my private data in some way. It’s completely routine.

We need a law mandating the company pays at least $1k per exposed record per customer or absolutely nothing will change. The current cost of "here's a year's worth of credit monitoring" doesn't even amount to a slap on the wrist.

3 comments

And tied to inflation (or to a % of gross income), too, otherwise it'll be cheaper in X years to get fined than to hire information security officers
> We need a law mandating the company pays at least $1k per exposed record per customer or absolutely nothing will change.

That won't change a single thing, except for shell-company shenanigans, more frequent bankruptcy proceedings, and the same people coming back trading under a new name and logo. A law sending people to prison may actually change things.

"Oh you want to make a little start up to share recipes between friends or whatever? Aww, that's cute. Well, here's the OAuth spec and an incomplete list of footguns. I hope your grasp of elliptic curves is strong. Prison time if you fail."

The only consequence of laws that criminalise mistakes in the handling of PII is to force everyone to externalise auth to the likes of Auth0. And you can bet your ass that if this ever happens, the likes of Auth0 will lobby like hell to never ever repeal or update those laws, being a vast corrupt funnel of business to them.

Congrats, you've created a new Intuit.

All those people have high-priced lawyers that will keep them out of prison. The DBA and the Data Engineer will be the ones who go to jail for "Not ensuring all applicable data security controls were configured, and enabled, to prevent the detection, collection, and modification of any and all data assets within the purview of Company X, all its holdings and subsidiaries."
Force nationalization of the business for egregious cases.
The main reason for this recent change is that before, they used to just not report it. It makes no financial sense to them, and they only do it because of recent legislation and liability.

It's the only decent development from those data protection laws, which usually do anything but protect data, but credit where it's due.