
posted by Fnord666 on Thursday July 05 2018, @03:18PM   Printer-friendly
from the first-post^W-amendment dept.

Submitted via IRC for BoyceMagooglyMonkey

Your company has suffered a data breach. The law requires you to fall on your sword, and—at considerable time and expense—provide a government-scripted breach disclosure notice to your customers, including the facts and circumstances surrounding the breach, how it happened, what data was breached and, more importantly, what you are doing about it.

Irrespective of the costs of the breach itself, the government-compelled disclosure may cost you hundreds of thousands of dollars in disclosure costs alone, not to mention the reputational and other costs associated with this compelled speech. To make matters worse, the government-ordered speech does little in and of itself to make consumers safer or better protected against hackers.

[...] The data breach disclosure laws are clearly government-compelled speech. The government has a good reason for wanting companies to make such disclosures, but such reasons may not be "compelling" and the disclosure may not be the least intrusive means of achieving the government's objectives. Under the EU's GDPR regulations, the disclosure is made to the government privacy entity, and only where that entity believes it necessary is a public disclosure made.

In essence, the Supreme Court has found a right of commercial entities not to be required to make notifications and disclosures because they have a First Amendment right not to be forced to do so.

Source: https://securityboulevard.com/2018/07/are-breach-disclosure-laws-unconstitutional-in-the-wake-of-supreme-court-abortion-case/

  • (Score: 4, Insightful) by Runaway1956 on Thursday July 05 2018, @03:55PM (1 child)

    by Runaway1956 (2926) Subscriber Badge on Thursday July 05 2018, @03:55PM (#703033) Journal

    No one forced the corporation to do a crappy job of security. No one forced them to store my data on a public facing and/or public accessible machine. No one forced them to hire crap IT personnel. In all of this, Evil Corp was trying to save money, at my expense. When Evil Corp is "breached" and my stuff is accessed, then Evil Corp has a moral and ethical obligation to inform me, at the least. Those obligations should be codified into law, thus making it a legal obligation as well.

    Does the disclosure make me any safer? Well, as has already been pointed out, not really. My data and/or my money has already been stolen. But, it DOES enable me to take actions that may (or may not) limit the damage caused by the breach.

    Without any legal obligation to inform me, Evil Corp can go on about its business, pretending that no breach ever happened. They can sit back and watch as hundreds of people, or maybe even hundreds of millions of people, are exploited through the use of that data.

    Does anyone want to tell me that the last alternative is NOT evil?

  • (Score: 3, Interesting) by VLM on Thursday July 05 2018, @05:00PM

    by VLM (445) on Thursday July 05 2018, @05:00PM (#703082)

    They can sit back and watch as hundreds of people, or maybe even hundreds of millions of people, are exploited through the use of that data.

    My gut-level guess is this law is brought to you by a handful of giant New York banks who are tired of eating stolen CC charges, not brought to you by a government caring about its citizens, or at least the people who live here. I'd LIKE to agree with you, although I suspect it's unrealistic.