Hacker News new | ask | show | jobs
by wdewind 4444 days ago
What's the solution? We hate regulation as an industry, but if I was outside the industry, seeing these data breaches over and over again would seem to imply a need for regulation. Looking at PCI and HIPPA, as two examples, it doesn't seem like data protection legislation would be super successful. Any thoughts on that?
3 comments
dispense 4444 days ago
How about not requiring personal data when it's necessary anyway, and removing it as soon as it isn't necessary anymore? If I buy a LaCie drive in a brick-and-mortar store and I pay with cash, there is exactly none of my personal data there to be stolen. I don't see why this shouldn't apply to my online purchases. In fact, I'm quite annoyed that it doesn't apply at all.
link
rhizome 4443 days ago
There's a middle ground where custodial responsibilities are legislated, where the customer retains property rights in the information collected by the company and thus provides a cause of action if the company fucks up.
link
wdewind 4444 days ago
Because the next time you'd want to shop with that store you'd need to fill out the profile again. This kills the conversion rate.

It's a security/UX tradeoff.

link
dispense 4444 days ago
The minor inconvenience of re-entering my shipping data every time clearly outweighs the possibility that some crime syndicate gets their hands on my personal data. At least for me. I would appreciate it to at least have the option to not create an account when I make a purchase. I've seen too many data breaches to have much confidence in the security of the majority of webshops. The only secure safeguard against theft of personal information is to not have it stored in the first place.
link
cordite 4443 days ago
This seems like the perfect place for payment processors to exist, like PayPal and google wallet or whatever ones out there you'd like to use
link
CWuestefeld 4444 days ago
Certainly HIPAA is far more trouble, and every example I can think of, of regulation being passed in haste in response to witch hunt, has been awful. I'm thinking of stuff like Sarbanes-Oxley or Dodd-Frank. Neither of these did much in terms of their stated goals, but they have created a bunch of problems as unintended consequences.
link
EpicEng 4444 days ago
> being passed in haste in response to witch hunt

We hear about new attacks and vulnerabilities, more credit card numbers stolen, more personal information stolen, on a weekly basis. I think we're past the point of accusing legislators of acting in a reactionary manner to an isolated incident or two should the proposition of regulation be put forward.

link
rhizome 4444 days ago
We hate regulation as an industry

I don't.

link