Should Companies Share Criminal Blame In ID Theft?

snydeq writes "Deep End's Paul Venezia criticizes the lack of criminal charges for corporate negligence in data breaches in the wake of last week's Best Western breach, which exposed the personal data of 8 million customers. 'The responsibilities attached to retaining sensitive personal identity information should include criminal charges against the company responsible for a leak, in addition to the party that receives the information,' Venezia writes. 'Until the penalties for giving away sensitive information in this manner include heavy fines and possibly even jail time for those responsible for securing that information, we'll see this problem occur again and again.' As data security lawyer Thomas J. Smedinghoff writes, data security law is already shifting the blame for data breaches onto IT, thanks to an emerging framework of complex regulations that could result in grave legal consequences should your organization suffer a breach. To date, however, IT's duty to provide security and its duty to disclose data breaches does not include criminal prosecution. Yet, with much of the data security framework being shaped by 'IT negligence' court cases over 'reasonable' security, that could very well be put to the test some day in court." It's a slippery slope to be sure, but where should the buck stop?

Corps will see the inside of a court room only if

[denis-The-menace]

Corps will see the inside of a court room only if your name is the title of a song and the personal info gets posted! (MediaSentry will "Find it")

Currently in the US, Corps have more rights than you or I even though they are considered "A Person".
Corps that inadvertently/intentionally kill people at most must pay a fine.
If you or I do this, we don't even get the option to pay our way out.

Until this changes corps can do what they want.