These companies should be forced to pay big money to each and every person affected by these breaches. Not like $120. Like $10,000 per. Teach them real lessons
The breach here is pretty minor, in my book. Name, address, specifics of computer purchased. The name and address is pretty much available and linked already. The computer isn’t, but doesn’t seem that abusable. Maybe it could help someone locate more-expensive, newer computers for theft, but I don’t see a whole lot of potential room for abuse.
I do see potential room for abuse.
Let say someone has the list and contact the members of the list saying that they are from Dell and it is about the computer they purchased. They have all details, spec, address, etc so it believable.
Then they tell them to buy some “antivirus” or install some “hot fix” etc. Scammers are already doing this, but it is less convincing.
Even $120 would be amazing. I just got an email that said too bad. I just bought a monitor cause that’s where they sold it. Idk why they have to save my info. I just want to pay for the product. If it was up to me, they would delete all my info immediately. They only need to record when the serial number was sold anyway.
Instantly makes ransomware [edit 2: my brain was being dumb, I didn’t mean literally ransomware, I meant hackers blackmailing companies with the threat of releasing/selling stolen data] far more profitable.
Edit: And heavily discourages self-reporting. There’s a Schneier quote I like: “You can’t defend. You can’t prevent. The only thing you can do is detect and respond.”
Absolutely. But the penalty does modify the cost-benefit analysis. If a hacker demands $5m or else they will release stolen data, you might be more inclined to YOLO the 5 mil on the 1% chance they’re an honest hacker if the penalty for the breach is $50bn.
I agree. Even at $120 each. 120 times tens of millions is serious fucking cash.
We need to have a couple of big companies go bankrupt over this shit. Then maybe they will start taking it seriously. Perhaps at that point maintaining personal data on people will be seen as a liability rather than an asset. And that’s what we really need.
Yup. We need more of the corporate death penalty. And when corporations are so big that ‘killing’ them would harm the economy, I argue we’re back to too big to fail. Maybe the answer is giant fines, and if the company can’t pay, wipe out the largest shareholders and then resell the stock over time.
Make people’s personal information a giant hot potato that nobody wants to be holding.
Disagree. Breaking the corporate veil would have a whole lot of unintended consequences and would basically kill investment as a concept. I agree we need to do more about corporations that violate the law with impunity and get wrist slaps. I don’t think that’s it.
Because it would greatly increase the cost and risk of investment. Think not just for billionaires, but for anybody.
Imagine somebody buys a couple tens of thousands of dollars of a stock as part of their retirement, that company does something bad, and now not only do they lose their investment but they lose the rest of their retirement also.
I am all for wiping out shareholders, especially big ones, when a company does something super stupid. There should be an incentive for shareholders to hold companies they invest in accountable.
But suggesting that company owners become personally liable for the actions of those companies, especially when those equity owners have little or no control over the decisions of the company, that is a recipe for disaster.
Isn’t that the whole point of insurance? They assess the risk of that liability and average it out over time so you just pay a little bit of your return.
Oh I’m sure there would be insurance for that, but it would be expensive. It would dramatically reduce the amount of overall investment in the nation. That is a very bad thing, it would slow down the rate of our economy and innovation.
Don’t get me wrong, the current setup where companies treat your data like an asset and then lose it and nothing happens is broken. There need to be stiff penalties for it. Corporate death penalty even, especially with an ending of all too big to fail. I’m talking penalties scary to the point that whatever profit could be made from your personal information isn’t worth the risk of having it, companies are scared to collect info.
This would especially be true if there is negligence involved, like when companies put their databases on open S3 buckets. Companies should be scared shitless of that.
But destroying our system of investment is not the answer.
These companies should be forced to pay big money to each and every person affected by these breaches. Not like $120. Like $10,000 per. Teach them real lessons
The breach here is pretty minor, in my book. Name, address, specifics of computer purchased. The name and address is pretty much available and linked already. The computer isn’t, but doesn’t seem that abusable. Maybe it could help someone locate more-expensive, newer computers for theft, but I don’t see a whole lot of potential room for abuse.
I do see potential room for abuse. Let say someone has the list and contact the members of the list saying that they are from Dell and it is about the computer they purchased. They have all details, spec, address, etc so it believable. Then they tell them to buy some “antivirus” or install some “hot fix” etc. Scammers are already doing this, but it is less convincing.
Even $120 would be amazing. I just got an email that said too bad. I just bought a monitor cause that’s where they sold it. Idk why they have to save my info. I just want to pay for the product. If it was up to me, they would delete all my info immediately. They only need to record when the serial number was sold anyway.
Oh if only I was European.
But instead they will be fined, and they will pay that fine to the government.
They just pay up and do it again. It’s a business expense, not a punishment.
and then, us as the consumer will pay for the fine as well
Exactly… Meanwhile some poor soul goes to jail because he is too broke to pay for some parking fines
Instantly makes
ransomware[edit 2: my brain was being dumb, I didn’t mean literally ransomware, I meant hackers blackmailing companies with the threat of releasing/selling stolen data] far more profitable.Edit: And heavily discourages self-reporting. There’s a Schneier quote I like: “You can’t defend. You can’t prevent. The only thing you can do is detect and respond.”
If the data is breached, won’t we find out anyways once they start selling it?
Absolutely. But the penalty does modify the cost-benefit analysis. If a hacker demands $5m or else they will release stolen data, you might be more inclined to YOLO the 5 mil on the 1% chance they’re an honest hacker if the penalty for the breach is $50bn.
I agree. Even at $120 each. 120 times tens of millions is serious fucking cash. We need to have a couple of big companies go bankrupt over this shit. Then maybe they will start taking it seriously. Perhaps at that point maintaining personal data on people will be seen as a liability rather than an asset. And that’s what we really need.
Yep data protection should be life or death. Either that or make the executives personally responsible ie the fines come out of their pockets
Yup. We need more of the corporate death penalty. And when corporations are so big that ‘killing’ them would harm the economy, I argue we’re back to too big to fail. Maybe the answer is giant fines, and if the company can’t pay, wipe out the largest shareholders and then resell the stock over time. Make people’s personal information a giant hot potato that nobody wants to be holding.
Why stop there? Abolish the corporate veil. Those motherfuckers can buy liability insurance.
Disagree. Breaking the corporate veil would have a whole lot of unintended consequences and would basically kill investment as a concept. I agree we need to do more about corporations that violate the law with impunity and get wrist slaps. I don’t think that’s it.
Why do you think it would kill investment despite liability insurance?
Because it would greatly increase the cost and risk of investment. Think not just for billionaires, but for anybody. Imagine somebody buys a couple tens of thousands of dollars of a stock as part of their retirement, that company does something bad, and now not only do they lose their investment but they lose the rest of their retirement also.
I am all for wiping out shareholders, especially big ones, when a company does something super stupid. There should be an incentive for shareholders to hold companies they invest in accountable.
But suggesting that company owners become personally liable for the actions of those companies, especially when those equity owners have little or no control over the decisions of the company, that is a recipe for disaster.
Isn’t that the whole point of insurance? They assess the risk of that liability and average it out over time so you just pay a little bit of your return.
Oh I’m sure there would be insurance for that, but it would be expensive. It would dramatically reduce the amount of overall investment in the nation. That is a very bad thing, it would slow down the rate of our economy and innovation. Don’t get me wrong, the current setup where companies treat your data like an asset and then lose it and nothing happens is broken. There need to be stiff penalties for it. Corporate death penalty even, especially with an ending of all too big to fail. I’m talking penalties scary to the point that whatever profit could be made from your personal information isn’t worth the risk of having it, companies are scared to collect info. This would especially be true if there is negligence involved, like when companies put their databases on open S3 buckets. Companies should be scared shitless of that. But destroying our system of investment is not the answer.