SoylentNews is people

posted by Fnord666 on Thursday July 05 2018, @03:18PM
from the first-post^W-amendment dept.

Submitted via IRC for BoyceMagooglyMonkey

Your company has suffered a data breach. The law requires you to fall on your sword, and—at considerable time and expense—provide a government-scripted breach disclosure notice to your customers, including the facts and circumstances surrounding the breach, how it happened, what data was breached and, more importantly, what you are doing about it.

Irrespective of the costs of the breach itself, the government-compelled disclosure may cost you hundreds of thousands of dollars in disclosure costs alone, not to mention the reputational and other costs associated with this compelled speech. To make matters worse, the government-ordered speech does little in and of itself to make consumers safer or better protected against hackers.

[...] The data breach disclosure laws are clearly government-compelled speech. The government has a good reason for wanting companies to make such disclosures, but such reasons may not be "compelling" and the disclosure may not be the least intrusive means of achieving the government's objectives. Under the EU's GDPR regulations, the disclosure is made to the government privacy entity, and only where that entity believes it necessary is a public disclosure made.

In essence, the Supreme Court has found a right of commercial entities not to be required to make notifications and disclosures because they have a first amendment right not to be forced to do so.

Source: https://securityboulevard.com/2018/07/are-breach-disclosure-laws-unconstitutional-in-the-wake-of-supreme-court-abortion-case/


  • (Score: 2) by tangomargarine (667) on Thursday July 05 2018, @09:23PM (#703254)

    What about free speech and advertising? Shouldn't a company be able to say that their food additive is safe, even if it contains less than 9% drain opener?

    Food companies are already allowed to call their products "meat" as long as they're no more than x% insect parts, "100% beef" with pink slime, etc.

    And what about a company's free speech right on nutrition information labeling to say that their product has only XX grams of salt when it actually has 23 times more than the stated amount?

    This is already a thing, as long as the rounding works out right. Like how companies could say a thing had 0g trans fats as long as it was <0.5g.

    Suppose a company wants to express themselves by making an HTTP GET parameter such as: ?customerId=5839

    such that customerId is a numerical sequence starting at 1. And viewing (maybe even editing?) a customer's private information record requires you to know one of these sequential numbers.

    Shouldn't it be the company's free speech right to say their system is of a secure design?

    "Secure" and "not secure" isn't a boolean value. And besides, "secure" isn't a well-defined industry-standard term.

    Also, your example was weak and your father smelt of elderberries.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"