Slashdot Mirror


Personal Data Exposed! Can Legislation Fix It?

rabblerouzer writes "Millions have had their personal information stolen because of lax security and may not even know it because of the patchwork of state laws that fail to mandate timely notification of victims. Boston-based law firm Mintz Levin is seeking feedback on what you would like to see included in draft legislation."

2 of 154 comments (clear)

  1. Criminal Identity Theft by G27+Radio · · Score: 4, Interesting

    I've been writing a bit about my personal experiences with Criminal Identity Theft. It's something quite a bit different than your typical identity theft. I'm wouldn't hold my breath waiting for the states to do much about theft of personal data on their own. They didn't even bother to notify me when they found out some jerk had been using my names to commit crimes. I've come to the conclusion that the government just doesn't give a rats ass about these things.

    I'll be writing something to these guys. If you're interested in what I've been dealing with, my story starts here:

    http://g27radio.blogspot.com/2007/04/think-youre-s afe.html

  2. Accountability by AK+Marc · · Score: 4, Interesting

    There is only one thing that companies are accountable to, and that's the shareholders. If you can save $200 with crappy security and screw over 100,000 people with a breach, a company is under pressure to save the $200. If you place huge fines on exposed data, companies will be able to compare the cost of the security measures to the cost of a breach and make a financial decision that will (hopefully) work out best for both the company and the customers/clients/etc. Fine them up to $1000 per person exposed. Oh, lose the data of 100,000 people on an encrypted laptop left in an airport lounge? That'll be $100,000,000. Also, make concealing a breach (as opposed to reporting it) a jail-able offense. Yes, that may make losing a laptop and hiding that fact get someone more time in jail than a murderer, but we need to drop the "what would a rapist get" dogma. Yes, raping someone is bad. But what about a little loss multiplied by 100,000? Wouldn't screwing up thousands of people's lives (even if the inconvenience isn't really that large) really be in the same league as messing up one person's life really badly?

    Recap:

    Required disclosure
    Jail for those that purposefully avoid disclosure
    Large fines for breaches