Submitted via IRC for BoyceMagooglyMonkey
Your company has suffered a data breach. The law requires you to fall on your sword, and—at considerable time and expense—provide a government-scripted breach disclosure notice to your customers, including the facts and circumstances surrounding the breach, how it happened, what data was breached and, more importantly, what you are doing about it.
Irrespective of the costs of the breach itself, the government-compelled disclosure may cost you hundreds of thousands of dollars in disclosure costs alone, not to mention the reputational and other costs associated with this compelled speech. To make matters worse, the government-ordered speech does little in and of itself to make consumers safer or better protected against hackers.
[...] The data breach disclosure laws are clearly government-compelled speech. The government has a good reason for wanting companies to make such disclosures, but such reasons may not be "compelling" and the disclosure may not be the least intrusive means of achieving the government's objectives. Under the EU's GDPR regulations, the disclosure is made to the government privacy entity, and only where that entity believes it necessary is a public disclosure made.
In essence, the Supreme Court has found a right of commercial entities not to be required to make notifications and disclosures because they have a first amendment right not to be forced to do so.
(Score: 3, Insightful) by Anonymous Coward on Thursday July 05 2018, @03:28PM (3 children)
Requiring an organization to disclose to people that it has screwed up and wronged them is quite different from being forced to advertise a service which it believes to be evil.
(Score: 2) by urza9814 on Thursday July 05 2018, @05:03PM (2 children)
Nobody requires a business to provide a service they think is evil. If you think baking a cake for certain people would be evil, then don't bake cakes.
The law says you can't discriminate against specific protected classes. Sexual orientation is a protected class. Companies with poor security practices is NOT a protected class, so there's no problem with the government discriminating against them. You can assert that this law is invalid as a violation of the First Amendment right to free speech, but it can also be argued that it is protected by the Ninth Amendment right to retain non-enumerated rights. So it's a question of how those amendments are interpreted, which means it's up to the courts, and they've already ruled in favor of...both. Goddamnit, guys...
(Score: 2) by qzm on Friday July 06 2018, @05:58AM
No one forced a company to collect and store private information.
If they don't want to have to do these disclosures, don't collect and store that information.
Simple, really.
(Score: 2) by The Mighty Buzzard on Saturday July 07 2018, @08:27PM
Wouldn't fly. SCOTUS has been pretending the Ninth or Tenth don't even exist for a long damned time.
My rights don't end where your fear begins.