by Mike Masnick
Thu, Jan 3rd 2008 6:57am
Following some massive data leaks in the UK, some politicians there are considering a plan to make it a criminal offense to "recklessly or repeatedly mishandle personal information." Contrast this to the US, where courts have noted that there can be no finding of negligence if the data leak is never found to have been used by identity thieves (even if exposing the data was done through negligence or recklessness). Of course, this is a fine balancing act. Certainly, one of the biggest problems leading to these data leaks is that the companies that leak data generally just get wrist slaps as punishment -- meaning that it's more cost effective to be weak in security than to properly protect it. Adding the potential of criminal charges could increase the cost enough that people take security of private info a lot more seriously. On the flipside, however, it could also cause other problems. No matter what, some ingenious criminal somewhere will figure out how to get access to a dataset or some unimaginable combination of events will occur to lead to lost data -- and it seems unfair to throw someone in jail for that. If anything, it may scare off some very smart folks from taking jobs securing that kind of data, as the personal liability might become too high. In the end, making the punishment for companies screwing up makes sense, but potentially putting individuals in jail without it being clear and egregious acts of negligence seems like a bad idea.
If you liked this post, you may also be interested in...
- Samsung SmartThings Platform Latest To Highlight Internet Of Things Security Is A Joke
- Netflix CEO Says Annoyed VPN Users Are 'Inconsequential'
- UK Drug Dogs Finding Way More Sausage And Cheese Than Actual Drugs
- UK Trademark Battle Over The Number 3
- Menace To Tax Dodgers David Cameron Has His Own Tax Dodging Exposed By The Panama Leaks