
posted by Fnord666 on Thursday July 05 2018, @03:18PM
from the first-post^W-amendment dept.

Submitted via IRC for BoyceMagooglyMonkey

Your company has suffered a data breach. The law requires you to fall on your sword, and—at considerable time and expense—provide a government-scripted breach disclosure notice to your customers, including the facts and circumstances surrounding the breach, how it happened, what data was breached and, more importantly, what you are doing about it.

Irrespective of the costs of the breach itself, the government-compelled disclosure may cost you hundreds of thousands of dollars in disclosure costs alone, not to mention the reputational and other costs associated with this compelled speech. To make matters worse, the government-ordered speech does little in and of itself to make consumers safer or better protected against hackers.

[...] The data breach disclosure laws are clearly government-compelled speech. The government has a good reason for wanting companies to make such disclosures, but such reasons may not be "compelling" and the disclosure may not be the least intrusive means of achieving the government's objectives. Under the EU's GDPR regulations, the disclosure is made to the government privacy entity, and only where that entity believes it necessary is a public disclosure made.

In essence, the Supreme Court has found a right of commercial entities not to be required to make notifications and disclosures because they have a first amendment right not to be forced to do so.

Source: https://securityboulevard.com/2018/07/are-breach-disclosure-laws-unconstitutional-in-the-wake-of-supreme-court-abortion-case/


Original Submission

  • (Score: 5, Insightful) by DannyB on Thursday July 05 2018, @03:53PM (14 children)

    by DannyB (5839) Subscriber Badge on Thursday July 05 2018, @03:53PM (#703029) Journal

    Shouldn't companies have the right of free expression of their thoughts and ideas?

    Suppose a company wants to express themselves by making an HTTP GET parameter such as: ?customerId=5839

    such that customerId is a numerical sequence starting at 1. And viewing (maybe even editing?) a customer's private information record requires you to know one of these sequential numbers.

    Shouldn't it be the company's free speech right to say their system is of a secure design?

    What about free speech and advertising? Shouldn't a company be able to say that their food additive is safe, even if it contains less than 9 % drain opener?

    What about free speech rights concerning lists of ingredients on food?

    And what about a company's free speech right on nutrition information labeling to say that their product has only XX grams of salt when it actually has 23 times more than the stated amount?

    Corporations are people too! And their feewings get hurt if they cannot express their free speech!

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
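The sequential `?customerId=N` design in the post above is the classic insecure direct object reference: possession of a guessable number is the only access control. As an added example that is not part of the thread, here is that design beside the server-side ownership check that closes it; the customer store, user names and handler names are all constructed for the demo.

```python
"""Object-level authorization for a sequential ?customerId=N parameter.

Added example, not from the thread. The customer store, users and handler
names are all constructed for the demo."""


class Forbidden(Exception):
    """Raised when the caller is not allowed to see the requested record."""


# Constructed data: records keyed by the sequential id described in the post.
CUSTOMERS = {
    1: {"owner": "alice", "card_last4": "1111"},
    2: {"owner": "bob", "card_last4": "2222"},
    5839: {"owner": "dannyb", "card_last4": "5839"},
}


def view_customer_insecure(session_user, params):
    """The design from the post: knowing the number is the only requirement.

    session_user is accepted but never consulted, so any caller can walk
    customerId=1, 2, 3, ... and read every record in the store."""
    cid = int(params["customerId"])
    return CUSTOMERS[cid]


def view_customer_checked(session_user, params):
    """Hardened form: the id still comes from the request, but the record is
    released only if it belongs to the authenticated user."""
    cid = int(params["customerId"])
    record = CUSTOMERS.get(cid)
    # One response for both "no such id" and "not your id", so a caller
    # probing sequential ids cannot use the difference to map the store.
    if record is None or record["owner"] != session_user:
        raise Forbidden("customerId %d is not visible to %s" % (cid, session_user))
    return record


def count_readable(session_user, ids, handler):
    """Number of records one caller gets back by trying each id in `ids`.

    Useful as a regression check: for a non-admin user the checked handler
    should never return more than that user's own records."""
    readable = 0
    for cid in ids:
        try:
            handler(session_user, {"customerId": str(cid)})
            readable += 1
        except (Forbidden, KeyError):
            pass
    return readable
```

Running `count_readable` over an id range with each handler makes the difference concrete: the insecure handler hands every stored record to any caller, the checked one only the caller's own.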
  • (Score: 3, Informative) by fyngyrz on Thursday July 05 2018, @04:33PM (3 children)

    by fyngyrz (6567) on Thursday July 05 2018, @04:33PM (#703055) Journal

    Corporations are [like] people too

    Yes. Well, and all too often, the people they are like are psychopaths and sociopaths.

    • (Score: 3, Interesting) by DannyB on Thursday July 05 2018, @04:39PM (1 child)

      by DannyB (5839) Subscriber Badge on Thursday July 05 2018, @04:39PM (#703060) Journal

      I think one might actually have to be either a psychopath or sociopath in order to work one's way up to the C level in a fairly large corporation. Or, if suddenly propelled to that level, staying there for any length will change the person into one eventually.

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 0) by Anonymous Coward on Thursday July 05 2018, @04:56PM

        by Anonymous Coward on Thursday July 05 2018, @04:56PM (#703077)

Dancing with the devil does not change the devil; the devil changes you...

    • (Score: 0) by Anonymous Coward on Thursday July 05 2018, @05:42PM

      by Anonymous Coward on Thursday July 05 2018, @05:42PM (#703109)

      "Yes. Well, and all too often, the people they are like are psychopaths and sociopaths."

      And guess what? We lock those fuckers up when they become a danger to others. In the case of mental patients, we also lock them up if they become a danger to themselves as well.

      These forced disclosures are a legal requirement for the safety of the population.

      Besides which, any company actually saying they should have the right to HIDE their incompetence at the cost of their users/customers are basically asking to be tossed off a cliff. Breaches will eventually be leaked to the public. And the public will likely be a LOT more pissed when they find out that credit damage done to them over the last 5 years was due to Big Company putting all their customer info up on a public facing website in plain text years ago and then hid it from everyone just so they could save a few dollars and a LOT of PR in the short term. Ultimate outcome is that there's going to be an exodus of customers from that company. At least by forcing admittance of their shitty practices customers can protect themselves from Day 1 (Which is usually 6-12 months or more after a breach anyway) and it becomes a BIG motivator for the company to reorganize how they do business so that it's actually secure going forward.

      So companies trying to hide this behind a free speech argument are companies that want to save money on online security practices. That's the bottom line. Do you feel like trusting a company like that? I know I don't.

  • (Score: 5, Insightful) by Thexalon on Thursday July 05 2018, @04:46PM (5 children)

    by Thexalon (636) on Thursday July 05 2018, @04:46PM (#703067)

    Corporations are people too!

    I'll believe that when I see a corporation go to jail.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 5, Interesting) by DannyB on Thursday July 05 2018, @05:05PM (4 children)

      by DannyB (5839) Subscriber Badge on Thursday July 05 2018, @05:05PM (#703090) Journal

      I'd prefer to see a corporation get the death penalty. Simply dissolve the corporation for some egregious violation of law.

      Instantly investors lose out. CEOs and other CXX are out of a job. Other people out of a job. Serious consequences.

      The result: EVERYONE will start to hold corporations more accountable (investors, CXX's, legislators) long before things go off the rails.

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 2) by Thexalon on Thursday July 05 2018, @08:56PM

        by Thexalon (636) on Thursday July 05 2018, @08:56PM (#703232)

        The amazing thing is that in my experience at least a CxO who runs a company into the ground is more likely to be given a chance to be a CxO than a lower-level executive who has been successfully running whatever they're in charge of. This might have something to do with their buddies from their former job doing the hiring.

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 0) by Anonymous Coward on Thursday July 05 2018, @09:25PM (1 child)

        by Anonymous Coward on Thursday July 05 2018, @09:25PM (#703256)

        What about the assets? Wholly owned subsidiaries? Parent corporation that actually owns everything?

        Any way you line up this "death penalty", some structure will emerge where the corporation found responsible will own nothing and the stock holders, execs, etc, can move on to another corporation with an oddly (ahem, exactly) similar structure.

        It's hard to make "death" apply to legal fictions in a meaningful way.

        • (Score: 2) by DannyB on Friday July 06 2018, @02:09PM

          by DannyB (5839) Subscriber Badge on Friday July 06 2018, @02:09PM (#703480) Journal

          It was a quick idea. But to refine it . . .

          The death penalty applies to the corporation or wholly owned subsidiary that committed the offense. Not to a holding company. Not necessarily to a parent company that owns the offending company -- unless it is shown that the offense was done at the parent company's direction, and on up the chain of ownership. It stops where the offense began.

          The assets are disposed of as in bankruptcy liquidation. The creditors are paid off, and maybe the investors get something.

          If investors are unhappy, they should pay more attention to how evil are the companies they invest in.

          If creditors are unhappy, maybe they should have some threshold of just how evil of an organization they will associate with.

          Just as in all of human history. This is what happens with evil human individuals. It serves as a lesson to others. People becoming too evil become well known and are shunned. Collateral damage is done in inflicting the death penalty. Etc.

          It's not a perfect plan. But some people want corporations to be people, so let's make it sew.

          --
          To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 2) by number11 on Friday July 06 2018, @05:32AM

        by number11 (1170) Subscriber Badge on Friday July 06 2018, @05:32AM (#703392)

I dunno. "Going to jail" could be the equivalent of a death penalty. "Going to jail" would involve having all the physical premises padlocked and all the bank accounts frozen for the duration of the sentence. 30 days in the slammer for Wells Fargo, VW, The Trump Organization, whatever. Production stops, cash flow stops, but contract obligations don't stop. Gonna be a lot of penalties after the sentence is up and the dust settles.

        Why yes, it would hurt innocent people. Criminals do that. A corporation that steals from thousands hurts far more people than the blue collar mugger can ever aspire to.

  • (Score: 2) by frojack on Thursday July 05 2018, @07:13PM (2 children)

    by frojack (1554) on Thursday July 05 2018, @07:13PM (#703165) Journal

    Nice troll, but you fail to recognize the difference between the risk of future harm, and some imaginary hurt feelings.
Free speech does not extend so far as to allow you to shout FIRE in a crowded theater.
    But it does not absolve the management from turning up the house lights and announcing that a real fire exists.

    Nor does any part of the law require you to applaud at end of the film.
    You need not express approval of something you disapprove of.

    Maybe you were going for funny. I'm not amused. Sue me.

    --
    No, you are mistaken. I've always had this sig.
    • (Score: 2) by NewNic on Thursday July 05 2018, @07:29PM

      by NewNic (6420) on Thursday July 05 2018, @07:29PM (#703171) Journal

Free speech does not extend so far as to allow you to shout FIRE in a crowded theater.

      A common misconception. It's never been decided, and the status of shouting "fire" in a theatre is not clear.

      --
      lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
    • (Score: 3, Interesting) by DannyB on Thursday July 05 2018, @07:34PM

      by DannyB (5839) Subscriber Badge on Thursday July 05 2018, @07:34PM (#703175) Journal

      Nice troll

      Thanks!

      Nor does any part of the law require you to applaud at end of the film.

      Don't give lawmakers any ideas.

      You need not express approval of something you disapprove of.

      Just wait until Trump's The Dear Leader's 3rd or 4th term.

      More to the point:

      you fail to recognize the difference between the risk of future harm, and some imaginary hurt feelings.

      When Corporations have imaginary hurt feelings, that IS a future harm. Even if it is not so for the rest of us mere humans. Corporations don't like having to say they did something wrong -- even if they did and it harmed millions of people. You can be sure that the corporations (and their shills) will not like the government compelling them to disclose major breaches of security.

      IMO, one reason why they SHOULD be required to disclose breaches, beyond simply notifying everyone after the fact, is that it serves as an incentive to PREVENT breaches in the first place. I happen to think they should also be civilly liable for all ensuing damages. But that won't happen because then they would REALLY have to think about security and take it seriously. Getting their security modded Funny wouldn't cut it.

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
  • (Score: 2) by tangomargarine on Thursday July 05 2018, @09:23PM

    by tangomargarine (667) on Thursday July 05 2018, @09:23PM (#703254)

    What about free speech and advertising? Shouldn't a company be able to say that their food additive is safe, even if it contains less than 9 % drain opener?

    Food companies are already allowed to call their products "meat" as long as they're no more than x% insect parts, "100% beef" with pink slime, etc.

    And what about a company's free speech right on nutrition information labeling to say that their product has only XX grams of salt when it actually has 23 times more than the stated amount?

    This is already a thing, as long as the rounding works out right. Like how companies could say a thing had 0g trans fats as long as it was <0.5g.

    Suppose a company wants to express themselves by making an HTTP GET parameter such as: ?customerId=5839

    such that customerId is a numerical sequence starting at 1. And viewing (maybe even editing?) a customer's private information record requires you to know one of these sequential numbers.

    Shouldn't it be the company's free speech right to say their system is of a secure design?

    "Secure" and "not secure" isn't a boolean value. And besides, "secure" isn't a well-defined industry-standard term.

    Also, your example was weak and your father smelt of elderberries.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"