Liability for Data Breaches are Minimal
vandon submitted a Security Focus bit about liability and identity theft. The article talks about a contractor's laptop containing half a million records of private student loan information being stolen. The court ruled that since "Reasonable" precautions had been taken, the loan company need not be held strictly liable for their customers' damages.
is a failure to follow policy.
Now the person suing the company needs to accuse the company of not following policy, and provide some sort of proof. Then the company can attempt to defend itself.
The Kruger Dunning explains most post on
"Liability for Data Breaches are Minimal"
Grammar for Article Submitters are Minimal?
This actually makes sense, as the tort of negligence is a civil matter and where a defendant's (in this case the loan company) actions are being assessed, the law requires the standards of "the reasonable man" to be used.
:P
Generally in cases such as this, the court will use the reasonable man test in a formulation which would likely sound like this: "would a reasonable man, in the position of the defendant with the same information and experience that the defendant can reasonably be expected to possess, have behaved in the same way".
It then comes down to the court hearing evidence from members of industry and other witnesses or even amici curiae (meaning "friend of the court", which is a person who offers evidence but is not called officially by the plaintiff or defendant, and excuse me but my Latin spelling is not that good). The judge then decides if the defendant acted the way a reasonable man should.
P.S. Yes, I know the formulation of "reasonable man" is sexist, but hey, it's the law.
I hate printers.
The problem here lies with the application of Gramm-Leach-Bliley. The regulation merely requires financial institutions to apply reasonable protections to the customers' information. Unfortunately for most consumers, this bar is lower than one would hope. The application of GLB, and most other federal regulations, does not adequately protect the individual. This is why people should ensure they communicate with their congressional representatives to get privacy laws with teeth in place.
Tragically, the privacy laws that are currently being evaluated at the federal level water down the requirements of many state laws. For example, California's SB-1386 requires a company to report to you that your information may have been inappropriately disclosed. However, the proposed federal legislation requires companies to only disclose this to you if they believe you are at risk from this exposure. It is easy for a company to say they do not think a disclosure of your information would harm you. If you do experience ID theft, you wouldn't know what company was the source, so you would not have the ability to require the offending company to disclose the information exposure.
The upshot is...You MUST get involved in this. There are very high-paid lobbyists who want this lower level of protection for your private information. Ensure your congressional representative knows you want a law with real teeth. You can find who is your rep at: http://www.congress.org/congressorg/home/