Legal Issues

by Mike Masnick




Is It Illegal To Get Hacked?

from the define-reasonable-procedures dept

Tower Records and the FTC have apparently reached a settlement after the FTC accused them of allowing hackers to access customer records. This brings up a very interesting question that isn't often discussed. Since hack attacks to get at customer data happen all the time, how does anyone determine whether or not the company itself is negligent in not protecting the data? At what point is it negligence rather than just being vulnerable? If the standard is set too low, then companies have less incentive to protect their data (though pissed off customers may provide that incentive). However, blaming the victim for being hacked seems to present a lot of slippery-slope-style questions.

Reader Comments



  • AMetamorphosis, 22 Apr 2004 @ 7:56am

    BJ's Club


    Mike,

    My parents just went through a lot of crap getting debit & credit cards replaced because of the recent BJ's club fiasco.

    I've provided this link because we are from Pennsylvania for those not aware of the theft of data that occurred with this merchant.

    http://www.philly.com/mld/inquirer/2004/03/31/business/8315762.htm?1c

    Businesses that do not adequately secure their data are responsible. Period. It is no different than an unethical Dr. that would not keep patient records confidential. Frankly, I still do not understand why BJ's club had their CC & debit card #'s on record in the first place. I would imagine that the only thing that should be in their compromised database in the first place is the member names, addresses & an account # that BJ's can use for THEIR records. It really shouldn't matter in what form the members choose to pay for their purchases & I would like to see laws that would make it illegal for institutions to keep YOUR CC & debit #'s on THEIR databases unless you specifically allow them to do so. Systems should be set up to delete financial information once the transaction is completed.

    Can someone give me a good explanation of why BJ's might have kept my parents' CC & debit card #'s to begin with? I would honestly like to know so I have a better scope of this.


