Comment by typeofhuman

Comment by typeofhuman 3 days ago

9 replies

I think data-breaches could carry the death penalty for companies.

I just got a notification from some health services company that my and my toddler's data was accessed. Including medical history, diagnoses, payment details, SSN, birthday. Why was this not encrypted? Given the world today, this is negligent. The government should be able to dissolve the company and give the money to the victims.

If there was a willful disregard for "common security and privacy standards", criminal charges against the executive team.

You want my personal life data? It comes with steep personal risk.

mikercampbell 3 days ago

My HSA emailed me and said “woopsies, we leaked all your data”.

And…? You’re going to try and give me credit monitoring when I literally have 2 overlapping credit monitoring offers from the other companies that leaked my data?

itake 3 days ago

> The government should be able to dissolve the company and give the money to the victims

I feel you, but my understanding is without clear monetary impact, it's hard to collect any amount of money from these companies. Even if you experience identity theft, who's to say this vs one of the other data leaks was the issue.

  • pavel_lishin 2 days ago

    Yes. That's the current state of things. And we want it to not be the state of things.

JumpCrisscross 3 days ago

> data-breaches could carry the death penalty for companies

One, corporate death penalties are nonsense. They’re a distraction from fines.

Two, what would America pay for its adversaries to enact such a policy? Automatic self destruct for the entire data sector.

  • dbspin 2 days ago

    I agree that a 'corporate death penalty' would be enormously open to abuse, sector rivals would be even more incentivised to industrial espionage for one thing...

    But 'a distraction from fines'? Fines do nothing to help those affected by such breaches. Even class action lawsuits usually result in symbolic payouts to individual victims. Given the potential consequences of these breaches - especially in the health space, criminal prosecution for those executives responsible seems appropriate, commensurate and incentivising.

    • JumpCrisscross 2 days ago

      > But 'a distraction from fines'? Fines do nothing to help those affected by such breaches

      Bigger fines. Fines that bankrupt the company. Note: bankrupt. Not shut down. Clean out the shareholders and upper management, possibly spin some stuff off or even break it up. (There is this popular conception that bankruptcy means an F-35 bombs the company’s offices and factories and it’s plain wrong.)

      Corporate death penalty is a distraction from bigger fines.

raverbashing 2 days ago

> I think data-breaches could carry the death penalty for companies.

The ironic thing is: why pay for their data now when it's out there already?

Sounds like they played themselves

  • snapcaster 2 days ago

    Because most companies aren't going to go out to the dark web and buy breached data with bitcoin?