
Well that's a problem. PII breaches should have pointed ends as pointed, if not more, than insider trading.


That's really hard to do. PII breaches are virtually always by mistake (irrelevant if that mistake is negligence).

Insider trading is intentional.

You can't really legislate serious penalties for mistakes, and negligence is really really hard to prove.


Negligence is not "really really hard to prove".

In the US, negligence as a tort is a four-pronged test. In the case of Equifax, did they have a duty to protect your PII? Did they breach that duty? Was that breach the proximate cause of your PII being disclosed? Did that disclosure result in an injury?


The EU already has legislated serious penalties for data breaches, and AFAIK whether it was a "mistake" or negligence is irrelevant:

https://en.wikipedia.org/wiki/General_Data_Protection_Regula...

The US doesn't seem to have much appetite for this kind of regulation though.


It's worth distinguishing the US congress and executive branch from the US citizenry, in cases like this.


Very true. I'd be interested to know how this issue polls in the US; I haven't seen any data on that.


> You can't really legislate serious penalties for mistakes, and negligence is really really hard to prove.

You can legislate serious penalties for negligence, for which a great number of PII breaches would, IMHO, be candidates.


Absolutely, and there needs to be a statutory value placed on PII so that the Equifaxes of the world will have to be insured, and insurers will perform due diligence.

Until then...
