SoylentNews is people

posted by Fnord666 on Thursday July 05 2018, @03:18PM
from the first-post^W-amendment dept.

Submitted via IRC for BoyceMagooglyMonkey

Your company has suffered a data breach. The law requires you to fall on your sword, and—at considerable time and expense—provide a government-scripted breach disclosure notice to your customers, including the facts and circumstances surrounding the breach, how it happened, what data was breached and, more importantly, what you are doing about it.

Irrespective of the costs of the breach itself, the government-compelled disclosure may cost you hundreds of thousands of dollars in disclosure costs alone, not to mention the reputational and other costs associated with this compelled speech. To make matters worse, the government-ordered speech does little in and of itself to make consumers safer or better protected against hackers.

[...] The data breach disclosure laws are clearly government-compelled speech. The government has a good reason for wanting companies to make such disclosures, but such reasons may not be "compelling" and the disclosure may not be the least intrusive means of achieving the government's objectives. Under the EU's GDPR regulations, the disclosure is made to the government privacy entity, and only where that entity believes it necessary is a public disclosure made.

In essence, the Supreme Court has found a right of commercial entities not to be required to make notifications and disclosures because they have a first amendment right not to be forced to do so.

Source: https://securityboulevard.com/2018/07/are-breach-disclosure-laws-unconstitutional-in-the-wake-of-supreme-court-abortion-case/


  • (Score: 3, Informative) by fyngyrz on Thursday July 05 2018, @04:33PM (3 children)

    by fyngyrz (6567) on Thursday July 05 2018, @04:33PM (#703055) Journal

    Corporations are [like] people too

    Yes. Well, and all too often, the people they are like are psychopaths and sociopaths.

  • (Score: 3, Interesting) by DannyB on Thursday July 05 2018, @04:39PM (1 child)

    by DannyB (5839) Subscriber Badge on Thursday July 05 2018, @04:39PM (#703060) Journal

    I think one might actually have to be either a psychopath or sociopath in order to work one's way up to the C level in a fairly large corporation. Or, if suddenly propelled to that level, staying there for any length will change the person into one eventually.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 0) by Anonymous Coward on Thursday July 05 2018, @04:56PM

      by Anonymous Coward on Thursday July 05 2018, @04:56PM (#703077)

      Dancing with the devil does not change the devil; the devil changes you...

  • (Score: 0) by Anonymous Coward on Thursday July 05 2018, @05:42PM

    by Anonymous Coward on Thursday July 05 2018, @05:42PM (#703109)

    "Yes. Well, and all too often, the people they are like are psychopaths and sociopaths."

    And guess what? We lock those fuckers up when they become a danger to others. In the case of mental patients, we also lock them up if they become a danger to themselves as well.

    These forced disclosures are a legal requirement for the safety of the population.

    Besides which, any company actually saying they should have the right to HIDE their incompetence at the cost of their users/customers are basically asking to be tossed off a cliff. Breaches will eventually be leaked to the public. And the public will likely be a LOT more pissed when they find out that credit damage done to them over the last 5 years was due to Big Company putting all their customer info up on a public facing website in plain text years ago and then hid it from everyone just so they could save a few dollars and a LOT of PR in the short term. Ultimate outcome is that there's going to be an exodus of customers from that company. At least by forcing admittance of their shitty practices customers can protect themselves from Day 1 (Which is usually 6-12 months or more after a breach anyway) and it becomes a BIG motivator for the company to reorganize how they do business so that it's actually secure going forward.

    So companies trying to hide this behind a free speech argument are companies that want to save money on online security practices. That's the bottom line. Do you feel like trusting a company like that? I know I don't.