We've pointed out in our coverage of companies' data leaks that there's little incentive for them to spend much time or many resources on data protection, since the repercussions and costs of leaks are minimal. An interesting piece from Security Focus has taken a closer look at a case in which a person sued their student loan company after their information -- along with 550,000 other people's -- was leaked when a contractor's laptop was stolen. The court ruled in favor of the loan company, with the decision resting on whether or not the company had taken "reasonable" precautions to protect data. It's a totally subjective standard that's superficially imposed. As the article points out, the court said that the company had security policies and "safeguards" in place, but never actually examined whether or not they were effective, enforced or proper. Apparently the mere existence of some type of policy -- regardless of what that policy actually is -- is now enough for companies to eschew any liability for leaking consumers' data.
If you liked this post, you may also be interested in...
- Feds Insist It Must Be Kept Secret Whether Or Not Plaintiff In No Fly List Trial Is Actually On The No Fly List
- Documents Show LA Sheriff's Department Hired Thieves, Statutory Rapists And Bad Cops
- Unarmed Man Charged With Assault Because NYC Police Shot At Him And Hit Random Pedestrians
- Judge In No Fly Case Explains To DOJ That It Can't Claim Publicly Released Info Is Secret
- German Court Says CEO Of Open Source Company Liable For 'Illegal' Functions Submitted By Community