I think data breaches could carry the death penalty for companies.
I just got a notification from some health services company that my and my toddler's data was accessed. Including medical history, diagnoses, payment details, SSN, birthday. Why was this not encrypted? Given the world today, this is negligent. The government should be able to dissolve the company and give the money to the victims.
If there was a willful disregard for "common security and privacy standards", criminal charges against the executive team.
You want my personal life data? It comes with steep personal risk.
My HSA emailed me and said “woopsies, we leaked all your data”.
And…? You’re going to try and give me credit monitoring when I literally have 2 overlapping credit monitoring offers from the other companies that leaked my data?
> The government should be able to dissolve the company and give the money to the victims
I feel you, but my understanding is that without clear monetary impact, it's hard to collect any amount of money from these companies. Even if you experience identity theft, who's to say this, vs. one of the other data leaks, was the issue.
I agree that a 'corporate death penalty' would be enormously open to abuse; sector rivals would be even more incentivised towards industrial espionage, for one thing...
But 'a distraction from fines'? Fines do nothing to help those affected by such breaches. Even class action lawsuits usually result in symbolic payouts to individual victims. Given the potential consequences of these breaches, especially in the health space, criminal prosecution of those executives responsible seems appropriate, commensurate and incentivising.
> But 'a distraction from fines'? Fines do nothing to help those affected by such breaches
Bigger fines. Fines that bankrupt the company. Note: bankrupt. Not shut down. Clean out the shareholders and upper management, possibly spin some stuff off or even break it up. (There is this popular conception that bankruptcy means an F-35 bombs the company’s offices and factories and it’s plain wrong.)
Corporate death penalty is a distraction from bigger fines.