SoylentNews is people

posted by Fnord666 on Thursday July 05 2018, @03:18PM
from the first-post^W-amendment dept.

Submitted via IRC for BoyceMagooglyMonkey

Your company has suffered a data breach. The law requires you to fall on your sword, and—at considerable time and expense—provide a government-scripted breach disclosure notice to your customers, including the facts and circumstances surrounding the breach, how it happened, what data was breached and, more importantly, what you are doing about it.

Irrespective of the costs of the breach itself, the government-compelled disclosure may cost you hundreds of thousands of dollars in disclosure costs alone, not to mention the reputational and other costs associated with this compelled speech. To make matters worse, the government-ordered speech does little in and of itself to make consumers safer or better protected against hackers.

[...] The data breach disclosure laws are clearly government-compelled speech. The government has a good reason for wanting companies to make such disclosures, but such reasons may not be "compelling" and the disclosure may not be the least intrusive means of achieving the government's objectives. Under the EU's GDPR regulations, the disclosure is made to the government privacy entity, and only where that entity believes it necessary is a public disclosure made.

In essence, the Supreme Court has found a right of commercial entities not to be required to make notifications and disclosures because they have a first amendment right not to be forced to do so.

Source: https://securityboulevard.com/2018/07/are-breach-disclosure-laws-unconstitutional-in-the-wake-of-supreme-court-abortion-case/


  • (Score: 2) by crafoo on Thursday July 05 2018, @04:44PM (2 children)


    OK, write a law that makes it a felony to disclose a person's credit card #, SSN without the express permission issued for each individual instance of disclosure. Disclosure of the data breach can happen during the public trial when the board of directors are prosecuted and sent to prison.

  • (Score: 2) by crafoo on Thursday July 05 2018, @04:48PM (1 child)


    I suppose more to the point, what do you think would happen to you if you had the financial information (for legitimate business purposes) for a company and carelessly allowed it to be published to the internet? Do you think you would be punished for not disclosing the breach to the company? Do you think you wouldn't be prosecuted for the breach? Say you were a financial advisor/contractor. Do you think you would still be trusted with any company's private financial information, ever?

    If corporations are people, they seem to be set at a more esteemed and protected class of people than actual people.

    • (Score: 2) by VLM on Thursday July 05 2018, @05:06PM


      It's interesting to consider that SOX kinda makes it a felony not to do exactly what you're claiming.

      My guess is there's going to be a great cultural separation where nothing is private but doing stuff with someone else's data is criminal.

      For example my address is not considered private, much as in 2050 nothing will be considered private. That doesn't mean that Real Estate is a pit of criminality. Well, it is, but not because our postal addresses are public knowledge. Firebombing my house is, and probably will remain, illegal, unless the Democrat leftists gain power again, hope not...

      So the world of the future, knowing my SS number or my CC number will be about as illegal as knowing my postal address. However, unlike today, CC fraud MIGHT actually be punished. Or I'd like to think so.