The legislature and law enforcement finally seem to have some ideas how to combat data compromises. Hackers are being prosecuted for their transgressions but legislation is also being proposed to prosecute the targets of the hackers. You might think that it isn’t right to prosecute the “victim” but large data breach targets aren’t innocent victims. There have been enough data hacks to educate even the most computer naïve persons. There are standards and requirements that will prevent most data hacks. If consumer information isn’t being protected, there should be penalties.
Don’t think that the government is going to prosecute you if your personal computer is compromised. The government is beginning to target companies that are negligent when protecting consumer information. Equifax is a perfect example of the new focus on data compromises. It has made a large business out of reporting our credit histories to clients. Credit agencies are the perfect target for an identity thief. Personal information mined from credit agencies allows criminals to steal an identity.
All mistakes should be a learning opportunity. Have the holders of large data learned anything from all of the attacks? It doesn’t seem so. We keep hearing about one data breach after another. The guards are asleep during their watch. The Uber data breach has turned into a real mess. It has been revealed that Uber management paid hackers a $100,000 ransom and attempted to cover it up. That may be ok if the management were the parties most affected by the breach. The injured parties are the persons whose information was stolen.
Organizations don’t want the public to be aware of their mistakes. One has to wonder how much money is stolen from financial institutions. Do you know how much money has disappeared from your bank? Some organizations may determine that it is better to not prosecute a thief in order to protect the organization’s reputation.
Your identity belongs to you. No one has the right to decide to ignore your wishes in the event of a data breach. If your data was stolen, shouldn’t you be able to decide the sanction? You can’t tar and feather the executives of the organization that allowed your information to be compromised but citizens can demand laws that will protect our interests. The current data breaches have forced the government to consider all parties at fault.
Your personal information is a valuable item. It has value. Legitimate and illegal organizations are willing to pay for it. Why do organizations allow a valuable resource to be pilfered by criminals? If you protect your information, doesn’t it seem fair that any organization that maintains information about you should do the same? Shouldn’t organizations pay for any damages caused data compromises?