by Mike Masnick
Thu, Jan 3rd 2008 6:57am
Following some massive data leaks in the UK, some politicians there are considering a plan to make it a criminal offense to "recklessly or repeatedly mishandle personal information." Contrast this to the US, where courts have noted that there can be no finding of negligence if the data leak is never found to have been used by identity thieves (even if exposing the data was done through negligence or recklessness). Of course, this is a fine balancing act. Certainly, one of the biggest problems leading to these data leaks is that the companies that leak data generally just get wrist slaps as punishment -- meaning that it's more cost effective to be weak in security than to properly protect it. Adding the potential of criminal charges could increase the cost enough that people take security of private info a lot more seriously. On the flipside, however, it could also cause other problems. No matter what, some ingenious criminal somewhere will figure out how to get access to a dataset or some unimaginable combination of events will occur to lead to lost data -- and it seems unfair to throw someone in jail for that. If anything, it may scare off some very smart folks from taking jobs securing that kind of data, as the personal liability might become too high. In the end, making the punishment for companies screwing up makes sense, but potentially putting individuals in jail without it being clear and egregious acts of negligence seems like a bad idea.
If you liked this post, you may also be interested in...
- Tempting Fate: Pittsburgh Election Officials Insist Their E-Voting Machines Can't Be Hacked
- Your 'Smart' Power Outlets Are Now Botnets Thanks To The Internet Of Broken Things
- Facebook's ContentID Clone Had A Vulnerability That Opened Up Ability For Users To Game Others' Videos
- Australia's Census Fail Goes Into Overdrive -- A Complete And Utter Debacle
- Like The Rest Of The Internet Of Things, Most 'Smart' Locks Are Easily Hacked