We've pointed out in our coverage of companies' data leaks that there's little incentive for them to spend much time or many resources on data protection, since the repercussions and costs of leaks are minimal. An interesting piece from Security Focus has taken a closer look at a case in which a person sued their student loan company after their information -- along with 550,000 other people's -- was leaked when a contractor's laptop was stolen. The court ruled in favor of the loan company, with the decision resting on whether or not the company had taken "reasonable" precautions to protect data. It's a totally subjective standard that's superficially imposed. As the article points out, the court said that the company had security policies and "safeguards" in place, but never actually examined whether or not they were effective, enforced or proper. Apparently the mere existence of some type of policy -- regardless of what that policy actually is -- is now enough for companies to eschew any liability for leaking consumers' data.
If you liked this post, you may also be interested in...
- Kansas City Cops Tell Man They'll Kill His Dogs And Destroy His Home If Forced To Obtain A Search Warrant
- Most Big Internet Companies Speak Out For Major Surveillance Reform
- Witness In No Fly List Trial, Who Was Blocked From Flying To The Trial, Shows That DOJ Flat Out Lied In Court
- Feds Insist It Must Be Kept Secret Whether Or Not Plaintiff In No Fly List Trial Is Actually On The No Fly List
- Documents Show LA Sheriff's Department Hired Thieves, Statutory Rapists And Bad Cops