Companies hacked and minimal penalties for them.

With the amount of cyber hacks, and the breach of thousands of peoples data, and putting you at risk of identity theft, having crimes lodge credit in your name, and you are responsible for the debt.

And other breaches if your life.

I think it’s about time that many companies, have very poor layers of security, keeping customers details for years after you have done business with them, that this data is being stolen, and not protected properly.

I think a push should be made to force companies to invest in better systems that penalties need to be mandated.

I propose a fine that for the breach of each individual persons identity that the company is fined one million dollars per hack of each client record offence.

Anh half a million dollars should be awarded to the individual as compensation.

This will force companies to be more compliant to not maintain personal data for years that does not need to be maintained.

And then force companies to invest in better security and systems to prevent client data to avoid loss to their bottom line.


Unless the fines are beyond a slap on the wrist nothing will change.

a reply to: robsmith

That's great! It's so disappointing to click on a thread and all you get is "Aliens are real Thought?" or nothing but a link to a Youtube video with the comment "Watch this!".

a reply to: nugget1

Apologies, I submitted before I got it written.

a reply to: robsmith

You completely erased your rant about ATS imposing stricter rules for posting. I should have done a quote for posterity.

originally posted by: robsmith
I propose a fine that for the breach of each individual persons identity that the company is fined one million dollars per hack of each client record offence.

Anh half a million dollars should be awarded to the individual as compensation.

You do know that no system is 100% secure and safe from hackers, right? So, for a breach where 100 people's info is hacked and stolen, it costs the company $150,000,000 ($150 Million)? And when it is 1,000 people, it costs them $1,500,000,000 ($1.5 Billion)? What about when it's a database of a million people?

Do you have any idea how totally fracking cluelessly absurd that idea is?

I'm not saying it isn't a problem, and I'm not saying companies shouldn't be held liable, but do you really want to enact a law that would bankrupt every company that encounters a breach?

So what sort of penalty would be reasonable? I agree with the OP the fact that the client gets limped with the debt is ridiculous. The concept of a huge fine is as well, in my opinion.

I think the debt should be voided and the credit provider should be lumped with the default.

It would be interesting to watch these credit providers scramble and apply pressure to the companies the OP references.

How long do you think it would take for cyber security to be taken seriously?

reply to: tanstaafl

originally posted by: Dalamax
So what sort of penalty would be reasonable? I agree with the OP the fact that the client gets lumped with the debt is ridiculous, the concept of a huge fine is as well, in my opinion.

I think the debt should be voided and the credit provider should be lumped with the default.

It would be interesting to watch these credit providers scramble and apply pressure to the companies the OP references.

How long do you think it would take for cyber security to be taken seriously?

reply to: tanstaafl

originally posted by: Dalamax
a reply to: tanstaafl
So what sort of penalty would be reasonable?

Dunno. I was just pointing out how totally unbelievably unreasonable the OPs suggestion was.

I agree with the OP the fact that the client gets limped with the debt is ridiculous. The concept of a huge fine is as well, in my opinion.

Dunno. I keep my credit frozen until I need it unfrozen for something, which is not very often, and it is extremely easy to unfreeze/refreeze now within minutes, all online.

I think the debt should be voided and the credit provider should be lumped with the default.

Depends on the debt in question, and how easy it is to prove it isn't yours.

But again, keeping your credit frozen goes a long way to limiting damage from these kinds of things.

That, and I don't give identifying info to all of the asshats that ask for it and pretend it is required.

a reply to: tanstaafl

The idea is to threaten big fines, that organisations invest in proper security and if not they suffer the loss.

Why can’t organisations only work on a batch system, where at datacthrough a day is batched for overnight updates to the mainframe, and have a small window for the transfer.

Have a system where the primary system receives data through the day. This primary system disconnects from all external systems at a set time.

The secondary system connects to the primary system the data packet is received all updates and processes are undertaken and the results are transferred to the primary system, once the data packet is downloaded.

Both systems disconnect from each other than the primary system reconnected to the web to share the data packet.

I believe this would reduce the opportunity for big hacks.

Granted people want data immediately, though I would be ok with waiting 48 hours for a process to be completed, knowing that a hack could be reduced, as only. Client data on that day could be 2000 customers not 1 million if a data breach occurs.

Would this be a sensible way to reduce risk.

originally posted by: robsmith
a reply to: tanstaafl

The idea is to threaten big fines,

Big fines? That is how you refer to fines that would literally bankrupt a company immediately?

Do you seriously believe that any company in the world would even exist under such threats?

that organisations invest in proper security and if not they suffer the loss.

Define 'proper security'.

Hint: again, there is no such thing as perfect security, or even 'proper' security, there is only best effort. Everything has bugs and holes.

Why can’t organisations only work on a batch system, where at datacthrough a day is batched for overnight updates to the mainframe, and have a small window for the transfer.
...
Would this be a sensible way to reduce risk.

No. Things happen in real time. This is how it is.

The best way to handle this is to outlaw the storing of anyone's private data - at all - ever - period (another hint: it'll never happen).

Next question?