by Mike Masnick
Thu, Jan 3rd 2008 6:57am
Following some massive data leaks in the UK, some politicians there are considering a plan to make it a criminal offense to "recklessly or repeatedly mishandle personal information." Contrast this to the US, where courts have noted that there can be no finding of negligence if the data leak is never found to have been used by identity thieves (even if exposing the data was done through negligence or recklessness). Of course, this is a fine balancing act. Certainly, one of the biggest problems leading to these data leaks is that the companies that leak data generally just get wrist slaps as punishment -- meaning that it's more cost effective to be weak in security than to properly protect it. Adding the potential of criminal charges could increase the cost enough that people take security of private info a lot more seriously. On the flipside, however, it could also cause other problems. No matter what, some ingenious criminal somewhere will figure out how to get access to a dataset or some unimaginable combination of events will occur to lead to lost data -- and it seems unfair to throw someone in jail for that. If anything, it may scare off some very smart folks from taking jobs securing that kind of data, as the personal liability might become too high. In the end, making the punishment for companies screwing up makes sense, but potentially putting individuals in jail without it being clear and egregious acts of negligence seems like a bad idea.
If you liked this post, you may also be interested in...
- FTC Sues D-Link For Pretending To Give A Damn About Hardware Security
- After Lawsuits And Denial, Pacemaker Vendor Finally Admits Its Product Is Hackable
- Top UK Cop Says Hackers Should Be Punished Not With Prison, But With Jammed WiFi Connections
- UK Cops Punish Suspected Hacker By Having Him Work With The Organization He Hacked To Patch Up Security Holes
- Ex-MI6 Boss: When It Comes To Voting, Pencil And Paper Are 'Much More Secure' Than Electronic Systems