by Mike Masnick
Thu, Jan 3rd 2008 6:57am
Following some massive data leaks in the UK, some politicians there are considering a plan to make it a criminal offense to "recklessly or repeatedly mishandle personal information." Contrast this to the US, where courts have noted that there can be no finding of negligence if the data leak is never found to have been used by identity thieves (even if exposing the data was done through negligence or recklessness). Of course, this is a fine balancing act. Certainly, one of the biggest problems leading to these data leaks is that the companies that leak data generally just get wrist slaps as punishment -- meaning that it's more cost effective to be weak in security than to properly protect it. Adding the potential of criminal charges could increase the cost enough that people take security of private info a lot more seriously. On the flipside, however, it could also cause other problems. No matter what, some ingenious criminal somewhere will figure out how to get access to a dataset or some unimaginable combination of events will occur to lead to lost data -- and it seems unfair to throw someone in jail for that. If anything, it may scare off some very smart folks from taking jobs securing that kind of data, as the personal liability might become too high. In the end, making the punishment for companies screwing up makes sense, but potentially putting individuals in jail without it being clear and egregious acts of negligence seems like a bad idea.
If you liked this post, you may also be interested in...
- Web Sheriff Abuses DMCA In Weak Attempt To Hide Info Under UK High Court Injunction, Fails Miserably
- Fantastic: Now British Firms Are Getting In On The Bogus Website/Bogus DMCA Notice Scam
- UK Queen's Speech: More, Faster Broadband... But It Will Be Censored And Spied On
- Judge Rejects Attempt To Force Lauri Love To Decrypt His Computers, Despite Never Charging Him With A Crime
- UK Gov't Pushing For 10-Year Jail Sentences For Copyright Infringement Based On ¯\_(ツ)_/¯