by mapt
13 days ago
"Strict Liability" is how we deal with a subset of crimes and torts - intent is not required to be proven to establish legal culpability/liability. You're describing willful leaks by an employee, I'm condemning insufficiently competent / insufficiently conservative data security. A data security breach should incur significant penalties to the corporate entity, and those penalties should be multiplied by the number of records compromised. These penalties should be high enough to minimize the number of records actually retained outside of cold storage, among other things. When Equifax's breach leaks their entire database, massive social losses are occurring. We should have collectively seized that company from its shareholders for spying on us and leaking all our shit, not settled for "a year of free credit monitoring". So when I get a letter telling me that an old insurer has had all of their patient data, names, DOB, SSN, health conditions, leaked to the darknet... and then I look it up and see it's the second time in a couple years? This is data that is in theory heavily protected. I'm out for blood.

I completely agree that the offers of credit monitoring are completely insufficient. Mixing that with feelings about the credit system muddles things a bit but I'm no fan of the incompetence of that system either even though there is some social good in the underlying provision.
I'm not telling you not to be angry. You have every right to be. I would suggest noting that at some level you can end up maximizing the damage it does to you.