Except, there's no fraud in the first place. The warranty repair entitles her to repair or replacement. Best Buy never did anything to in any way attempt to not ultimately repair or replace her laptop. If they had changed their system to indicate that they NEVER RECEIVED a laptop from her, and therefore didn't owe her a laptop, then THAT would be fraud. But even changing the system to indicate the laptop was somewhere it wasn't, while not a good idea, not ethical, and not good customer service, is not fraud.
The woman had a poor customer experience. There's no doubt about that. But we can't expect that ANYONE is liable for $54 million, or even $1 million, or even $10,000, for losing a laptop. You're liable for the laptop. And if you putz around and delay resolving the problem, then it's a good idea to do something to make up for that. It seems to me that Best Buy made a reasonable effort at customer satisfaction and this woman is just crazy.
as it was Bush himself who invoked executive powers to keep them from testifying.
1) Bush doesn't have those powers. He's just pretending he does. 2) Following orders isn't an excuse. The aides are in contempt of Congress if they refuse to testify, whether someone else told them not to testify or not.
Separation of powers means the executive branch can't legislate and the legislative branch can't... uh... execute. It doesn't mean that the Executive branch isn't subject to the lawful acts of Congress.
but felt that REPUBLICAN President and adviser communications should have some degree of privilege.
Remember that the amount of executive authority the President should have is based on the political party of who you're asking.
Were it a Democratic President who was stomping all over our civil liberties, the situation in Congress would be reversed.
Re:Not any more unrealistic than the MPAA's figure
on
The $54 Million Laptop
·
· Score: 1
Poor analogy. Better analogy:
If, the last time you were at the doctor's office, you left a box there, and in that box was your tax return, is the doctor's office obligated to notify you that your tax return may have been stolen? Or even if, for some strange reason, you asked your doctor to stash the box under his desk, but didn't tell him what was in it?
The difference is that when the medical records are stolen, those records belong the the doctor's office, they know they have them, and they are responsible for maintaining them. When the box you left at the doctor's office is stolen
In your world is business responsible for anything? Obviously passing the buck is. Congratulations. "It's not our fault. It's yours, Stupid." should replace "Thousands of Possibilities. Get Yours."
Absolutely. But business isn't responsible for EVERYTHING either. And one of the things businesses are not responsible for is protecting undisclosed personal information on the hard drive a computer rendered for warranty repair.
If it's your data, you're responsible for it. That doesn't change unless some other party specifically does something to change it - and giving them a hard drive with the data on it without telling them that the data is there when they tell you that they don't want and won't protect your data is not something specific.
I agree that Best Buy has behaved poorly. I think the compensation offered is sufficient for the poor behavior, but whether it is or isn't doesn't change the fact that Best Buy is simply not responsible for the data on the drive. If the person didn't have another computer, doesn't understand data, or whatever, none of those things are Best Buy's problem.
In order to create a bailment, the bailee must both intend to possess, and actually physically possess, the bailable chattel.
Well, it applies for the computer, which I wholeheartedly agree Best Buy is responsible for replacing. But it doesn't apply to the data, as Best Buy never intended to possess the data.
Best Buy is simply not responsible for the data. If this same woman had brought her computer to a mom-and-pop shop for repair and it got stolen, nobody would think this lawsuit was reasonable.
The legislature however, used "maintain" which in ordinary parlance, simply means to keep without allowing degradation
It would seem to me that if maintain means to keep without allowing degradation, and Best Buy is making no effort to prevent degradation of the data, and may even allow the data to be destroyed, they're not maintaining the data then, are they?
Best Buy is ignoring the data entirely. That's what we want them to do - we don't want them snooping around our hard drives, right? So if they're ignoring the data entirely, then they're not maintaining it. By the very definition you used.
They did give her cold hard cash - a full refund of the original purchase price of the laptop, which is more cash than the laptop lost was worth. They additionally gave her a gift card.
No company is going to give you cash above-and-beyond the purchase price. That's just BEGGING for fraud.
To win your argument in front of rational people, you have to explain why a company should be punished when it releases information about a person that it transcribed into its own database (e.g. account number), and not be punished when it releases that same information (e.g. account number) by losing a computer entrusted to its care.
Because in one case the company owned the data, recorded the data and was aware of its presence, and in another case it did not record the data, was not aware of its existence, and specifically told the owner of the computer that they were not responsible for any data owned by the customer on the computer?
The law says you're responsible for data you own maintain. It does not make you responsible for data you don't own/maintain. What's so hard to undertand about that?
The law is not much different than code. It's written the same way. When there's an AND operator, and that and operator is false, none of the other operators matter.
All sections of that law require "Breach of the security of the system". No breach of the security system, no violation. And breach of the security system requires "personal information maintained by the person or business." (and remember, person here means provider of the service, not the customer)
Everything else in your post doesn't matter, because we have a 0 for 'personal information maintained by Best Buy', and once you have 0 in an AND, you've got 0.
You do have the best argument in that Best Buy did actually 'maintain' the data (as opposed to all the other arguments that are rendered entirely irrelevant as long as the maintenance issue isn't addressed), but I just don't see how you can argue anyone 'maintains' something that they are not even aware is there, did not want it, did not accept it, and are not even supposed to look at it.
Don't bother. You're dealing with anti-slashdot zealots. Just silently track their posts until there's some thread about a Linux system crashing and losing data and wait until they spew about how it's the users fault for not backing it up.
You can lie all you want. It's not fraud unless you gain from it. No amount of lying was going to change the fact that Best Buy owed her a replacement laptop.
Now, if Best Buy attempted after the fact to say that the terms of the warranty were different than they were at signing, or attempted to say the laptop lost was not the laptop under warranty, or represented that the replacement laptop was similar when it was not (less memory or something), THAT would be fraud.
But saying the computer isn't available because (whatever) when it's not available because it's stolen isn't fraud. It's bad business practice and dishonest, but not fraud.
One, the computer was stolen. The presence of confidential data on the computer that was stolen was due to the customer.
Two, you're engaging in a logical fallacy when you argue that the proper precautions must not have been taken merely because the laptop was stolen. One does not necessarily mean the other. You can take the proper precautions and bad shit can happen anyway. We don't know if proper precautions were taken or not. But even if they were not taken, Best Buy is only responsible for the laptop, not the data on it.
I agree that it's not acceptable, but I don't think it's $54 million not acceptable, and it also isn't an act that's covered by DC's consumer identity protection law like she is asserting it is.
You don't just hand the hard drive to someone who promises to pay absolutely no attention to what's on the hard drive and just assume everything will be ok.
The employment records lost were ABOUT you, but they were OWNED and MAINTAINED by IBM, and they were apparently lost by a contractor SPECIFICALLY CONTRACTED TO HANDLE CONFIDENTIAL DATA! (That's what Iron Mountain does).
The records on the customer's hard drive were OWNED AND MAINTAINED BY THE CUSTOMER. She then gave them to Best Buy (who was not contracted to handle confidential data, by the way), and Best Buy lost them.
So, your scenario:
Data is about: you Data is owned and maintained by: IBM Data is given by owner (IBM) to company informed of confidential nature of the data and contracted and paid specifically to handle confidential data (Iron Mountain). Data is lost by: Iron Mountain
Responsible party: IBM
Best Buy scenario:
Data is about: The customer Data is owned and maintained by: The customer Data is given by owner (The Customer) to company NOT informed of the confidential nature of the data, who specifically tells you they are not responsible for data, and is contracted to fix power switch (Best Buy) Data is lost by: Best Buy
Responsible party: CUSTOMER!
So the customer should buy herself some identify theft monitoring.
Well, no, it says "person or business." Which includes the woman who lost her laptop, since she's a person.
Nope. The phrase 'person or business' refers to the person or business maintaining the data. Read subsections (a) and (b) which use the term breach of security - it reads that a person or business is responsible for disclosing the release of information maintained by that person or business. So if you use person as in the customer, than she is also the one responsible for the data, not best buy. Can't have it both ways.
I quoted the important part, because it contains the definition for the term used in the part you quoted. The part you quoted is ONLY applicable if it meets the definition of 'breach of the security of the system'.
You quoted:
See sect. 28-3852(b): "Any person or entity who maintains, handles, or otherwise possesses computerized or other electronic data that includes personal information that the person or entity does not own shall notify the owner or licensee of the information of any breach of the security of the system in the most expedient time possible following discovery."
You are substituting a common English definition for 'breach of the security system', but you can't - the section includes a very specific, legal definition of the term 'breach of the security system', and that's the definition you have to use, which according to 28-3851(1) is:
"(1) "Breach of the security of the system" means unauthorized acquisition of computerized or other electronic data, or any equipment or device storing such data, that compromises the security, confidentiality, or integrity of personal information maintained by the person or business.
Because there is no information maintained by Best Buy involved, no LEGAL breach of the security of the system happened, so there's nothing for Best Buy to notify the customer of.
If you were having engine problems with your car, would you remove the transmission before you brought it to the shop to have it worked on?
That depends - is my tax return in the transmission?
How about....
If you were having engine problems with your car, would you take your bank statements, credit cards, and key to your safe deposit box out of your glove compartment before you had it worked on?
Might you not leave your laptop sitting on the back seat of your car when you turned it into the shop?
And if not, would you at least lock the glove box and only give the repair shop the valet key?
I may have dumbed it down too much, and it's going to vary state by state, but in general, as far as protection of information goes, you're only obligated to protect information to the lesser of the degree at which you protect your own information or the provider of the information protects their own information. Because the question of negligence is always whether a party took REASONABLE precautions. If you took reasonable precautions, you're not negligent. And one measure of what would be considered reasonable is the actions normally taken by the plaintiff.
For example, if I'm a locksmith and I leave your house unlocked in Compton, that's probably negligent. But if I'm a locksmith and I leave your house unlocked in BFE Iowa, and I can prove that you haven't locked your door in years (setting aside for a minute that that probably means you don't need a locksmith), then that's probably not negligent.
Under the law they don't have to maintain the data to be liable; they simply have to maintain the machine.
No. Again, for your reference, the law in question, emphasized for the reading-comprehension-challenged:
"Breach of the security of the system" means unauthorized acquisition of computerized or other electronic data, or any equipment or device storing such data, that compromises the security, confidentiality, or integrity of personal information maintained by the person or business.
Does it say SYSTEM maintained by the business? No. It says PERSONAL INFORMATION maintained by the business. The personal information was not maintained by best buy. Period.
Slashdot Mirror
Except, there's no fraud in the first place. The warranty repair entitles her to repair or replacement. Best Buy never did anything to in any way attempt to not ultimately repair or replace her laptop. If they had changed their system to indicate that they NEVER RECEIVED a laptop from her, and therefore didn't owe her a laptop, then THAT would be fraud. But even changing the system to indicate the laptop was somewhere it wasn't, while not a good idea, not ethical, and not good customer service, is not fraud.
The woman had a poor customer experience. There's no doubt about that. But we can't expect that ANYONE is liable for $54 million, or even $1 million, or even $10,000, for losing a laptop. You're liable for the laptop. And if you putz around and delay resolving the problem, then it's a good idea to do something to make up for that. It seems to me that Best Buy made a reasonable effort at customer satisfaction and this woman is just crazy.
as it was Bush himself who invoked executive powers to keep them from testifying.
... uh ... execute. It doesn't mean that the Executive branch isn't subject to the lawful acts of Congress.
1) Bush doesn't have those powers. He's just pretending he does.
2) Following orders isn't an excuse. The aides are in contempt of Congress if they refuse to testify, whether someone else told them not to testify or not.
Separation of powers means the executive branch can't legislate and the legislative branch can't
but felt that REPUBLICAN President and adviser communications should have some degree of privilege.
Remember that the amount of executive authority the President should have is based on the political party of who you're asking.
Were it a Democratic President who was stomping all over our civil liberties, the situation in Congress would be reversed.
Poor analogy. Better analogy:
If, the last time you were at the doctor's office, you left a box there, and in that box was your tax return, is the doctor's office obligated to notify you that your tax return may have been stolen? Or even if, for some strange reason, you asked your doctor to stash the box under his desk, but didn't tell him what was in it?
The difference is that when the medical records are stolen, those records belong the the doctor's office, they know they have them, and they are responsible for maintaining them. When the box you left at the doctor's office is stolen
In your world is business responsible for anything? Obviously passing the buck is. Congratulations. "It's not our fault. It's yours, Stupid." should replace "Thousands of Possibilities. Get Yours."
Absolutely. But business isn't responsible for EVERYTHING either. And one of the things businesses are not responsible for is protecting undisclosed personal information on the hard drive a computer rendered for warranty repair.
If it's your data, you're responsible for it. That doesn't change unless some other party specifically does something to change it - and giving them a hard drive with the data on it without telling them that the data is there when they tell you that they don't want and won't protect your data is not something specific.
I agree that Best Buy has behaved poorly. I think the compensation offered is sufficient for the poor behavior, but whether it is or isn't doesn't change the fact that Best Buy is simply not responsible for the data on the drive. If the person didn't have another computer, doesn't understand data, or whatever, none of those things are Best Buy's problem.
In order to create a bailment, the bailee must both intend to possess, and actually physically possess, the bailable chattel.
Well, it applies for the computer, which I wholeheartedly agree Best Buy is responsible for replacing. But it doesn't apply to the data, as Best Buy never intended to possess the data.
Best Buy is simply not responsible for the data. If this same woman had brought her computer to a mom-and-pop shop for repair and it got stolen, nobody would think this lawsuit was reasonable.
The legislature however, used "maintain" which in ordinary parlance, simply means to keep without allowing degradation
It would seem to me that if maintain means to keep without allowing degradation, and Best Buy is making no effort to prevent degradation of the data, and may even allow the data to be destroyed, they're not maintaining the data then, are they?
Best Buy is ignoring the data entirely. That's what we want them to do - we don't want them snooping around our hard drives, right? So if they're ignoring the data entirely, then they're not maintaining it. By the very definition you used.
They did give her cold hard cash - a full refund of the original purchase price of the laptop, which is more cash than the laptop lost was worth. They additionally gave her a gift card.
No company is going to give you cash above-and-beyond the purchase price. That's just BEGGING for fraud.
To win your argument in front of rational people, you have to explain why a company should be punished when it releases information about a person that it transcribed into its own database (e.g. account number), and not be punished when it releases that same information (e.g. account number) by losing a computer entrusted to its care.
Because in one case the company owned the data, recorded the data and was aware of its presence, and in another case it did not record the data, was not aware of its existence, and specifically told the owner of the computer that they were not responsible for any data owned by the customer on the computer?
The law says you're responsible for data you own maintain. It does not make you responsible for data you don't own/maintain. What's so hard to undertand about that?
The law is not much different than code. It's written the same way. When there's an AND operator, and that and operator is false, none of the other operators matter.
All sections of that law require "Breach of the security of the system". No breach of the security system, no violation. And breach of the security system requires "personal information maintained by the
person or business." (and remember, person here means provider of the service, not the customer)
Everything else in your post doesn't matter, because we have a 0 for 'personal information maintained by Best Buy', and once you have 0 in an AND, you've got 0.
You do have the best argument in that Best Buy did actually 'maintain' the data (as opposed to all the other arguments that are rendered entirely irrelevant as long as the maintenance issue isn't addressed), but I just don't see how you can argue anyone 'maintains' something that they are not even aware is there, did not want it, did not accept it, and are not even supposed to look at it.
anti BEST BUY zealots. They've made me crazy.
Don't bother. You're dealing with anti-slashdot zealots. Just silently track their posts until there's some thread about a Linux system crashing and losing data and wait until they spew about how it's the users fault for not backing it up.
Now *THAT* would be bad.
You can lie all you want. It's not fraud unless you gain from it. No amount of lying was going to change the fact that Best Buy owed her a replacement laptop.
Now, if Best Buy attempted after the fact to say that the terms of the warranty were different than they were at signing, or attempted to say the laptop lost was not the laptop under warranty, or represented that the replacement laptop was similar when it was not (less memory or something), THAT would be fraud.
But saying the computer isn't available because (whatever) when it's not available because it's stolen isn't fraud. It's bad business practice and dishonest, but not fraud.
That's not true for two reasons.
One, the computer was stolen. The presence of confidential data on the computer that was stolen was due to the customer.
Two, you're engaging in a logical fallacy when you argue that the proper precautions must not have been taken merely because the laptop was stolen. One does not necessarily mean the other. You can take the proper precautions and bad shit can happen anyway. We don't know if proper precautions were taken or not. But even if they were not taken, Best Buy is only responsible for the laptop, not the data on it.
I agree that it's not acceptable, but I don't think it's $54 million not acceptable, and it also isn't an act that's covered by DC's consumer identity protection law like she is asserting it is.
It's not that I didn't expect negative moderation - I'm just surprised that nobody can seem to get past 'Best Buy Bad!'
She pays someone who is qualified to do it.
You don't just hand the hard drive to someone who promises to pay absolutely no attention to what's on the hard drive and just assume everything will be ok.
The employment records lost were ABOUT you, but they were OWNED and MAINTAINED by IBM, and they were apparently lost by a contractor SPECIFICALLY CONTRACTED TO HANDLE CONFIDENTIAL DATA! (That's what Iron Mountain does).
The records on the customer's hard drive were OWNED AND MAINTAINED BY THE CUSTOMER. She then gave them to Best Buy (who was not contracted to handle confidential data, by the way), and Best Buy lost them.
So, your scenario:
Data is about: you
Data is owned and maintained by: IBM
Data is given by owner (IBM) to company informed of confidential nature of the data and contracted and paid specifically to handle confidential data (Iron Mountain).
Data is lost by: Iron Mountain
Responsible party: IBM
Best Buy scenario:
Data is about: The customer
Data is owned and maintained by: The customer
Data is given by owner (The Customer) to company NOT informed of the confidential nature of the data, who specifically tells you they are not responsible for data, and is contracted to fix power switch (Best Buy)
Data is lost by: Best Buy
Responsible party: CUSTOMER!
So the customer should buy herself some identify theft monitoring.
Thanks for making my point though.
Well, no, it says "person or business." Which includes the woman who lost her laptop, since she's a person.
Nope. The phrase 'person or business' refers to the person or business maintaining the data. Read subsections (a) and (b) which use the term breach of security - it reads that a person or business is responsible for disclosing the release of information maintained by that person or business. So if you use person as in the customer, than she is also the one responsible for the data, not best buy. Can't have it both ways.
I quoted the important part, because it contains the definition for the term used in the part you quoted. The part you quoted is ONLY applicable if it meets the definition of 'breach of the security of the system'.
You quoted:
See sect. 28-3852(b): "Any person or entity who maintains, handles, or otherwise possesses computerized or other electronic data that includes personal information that the person or entity does not own shall notify the owner or licensee of the information of any breach of the security of the system in the most expedient time possible following discovery."
You are substituting a common English definition for 'breach of the security system', but you can't - the section includes a very specific, legal definition of the term 'breach of the security system', and that's the definition you have to use, which according to 28-3851(1) is:
"(1) "Breach of the security of the system" means unauthorized acquisition of
computerized or other electronic data, or any equipment or device storing such data, that
compromises the security, confidentiality, or integrity of personal information maintained by the
person or business.
Because there is no information maintained by Best Buy involved, no LEGAL breach of the security of the system happened, so there's nothing for Best Buy to notify the customer of.
If you were having engine problems with your car, would you remove the transmission before you brought it to the shop to have it worked on?
That depends - is my tax return in the transmission?
How about....
If you were having engine problems with your car, would you take your bank statements, credit cards, and key to your safe deposit box out of your glove compartment before you had it worked on?
Might you not leave your laptop sitting on the back seat of your car when you turned it into the shop?
And if not, would you at least lock the glove box and only give the repair shop the valet key?
So where's the 'right' part of the law?
It would seem to me to be pretty easy, should I be mistaken, to quote the part of the law where Best Buy is actually responsible for notification.
I may have dumbed it down too much, and it's going to vary state by state, but in general, as far as protection of information goes, you're only obligated to protect information to the lesser of the degree at which you protect your own information or the provider of the information protects their own information. Because the question of negligence is always whether a party took REASONABLE precautions. If you took reasonable precautions, you're not negligent. And one measure of what would be considered reasonable is the actions normally taken by the plaintiff.
For example, if I'm a locksmith and I leave your house unlocked in Compton, that's probably negligent. But if I'm a locksmith and I leave your house unlocked in BFE Iowa, and I can prove that you haven't locked your door in years (setting aside for a minute that that probably means you don't need a locksmith), then that's probably not negligent.
Negligence is all about REASONABLE action.
Under the law they don't have to maintain the data to be liable; they simply have to maintain the machine.
No. Again, for your reference, the law in question, emphasized for the reading-comprehension-challenged:
"Breach of the security of the system" means unauthorized acquisition of
computerized or other electronic data, or any equipment or device storing such data, that
compromises the security, confidentiality, or integrity of personal information maintained by the
person or business.
Does it say SYSTEM maintained by the business? No. It says PERSONAL INFORMATION maintained by the business. The personal information was not maintained by best buy. Period.