> There have to be rules & regulations for how personal data is stored.
Totally agreed.
> There MUST be consequences for data breaches.
Even if you're following those rules and regulations? I think the general idea of malpractice applies here. People do their best, but you can't prevent every unknown. So as long as you're not a complete idiot or acting in bad faith, it's not your fault. Punishing people for a bad actor's actions wouldn't do anything but make it even harder to enter a market.
Preventing data breaches is a lost cause. For one, most everyone's PII is already on the net. Plugging that hole is like patching the Titanic. We're already sunk. What we need is a way to prevent identity theft. Possibly a way to help people more easily recover from it as well. The US has the FDIC in case a bank implodes. We need something like that, but for all my accounts when some guy in Russia takes out five mortgages on my property.
Or, we need to radically rethink PII. We're still using ink signatures on paper to sign for contracts for Pete's sake. I should have to cryptographically sign a house mortgage, not make some hand drawn glyph that nobody can read and anybody could fake. Of course, that comes with other problems such as Big Brother having more data about me, but this reply is long enough.
E.g. if the data breached was not critical to legal retention requirements, the penalty is more severe. (Ofc this assumes a good definition of what is critical for legal retention).
At the very least it would encourage companies to keep such data less or for shorter times to minimize damage.