
As I said when the Yahoo data breach was uncovered, Verizon should've reduced the acquisition deal by billions or even scrapped it altogether. Instead they only reduced it by $350 million from $4.8 billion. Dumb.

Either way, I'm actually happy with this outcome, because for one Yahoo was destroyed due to its data breach and allowing the NSA to put backdoors on its servers, and second Verizon said it's getting out of the content business.

That can only be a positive for all Verizon customers, because Verizon being involved in the content business only meant more and more spying on its customers' web behavior.

Hopefully we'll see more such cases where the value of companies suffering major data breaches is reduced to almost nothing. Maybe that will change the industry's thinking about data security and data collection a little bit.

I've also long argued that governments as well as corporations should see data collection as a liability. So that when a data breach happens and everyone's data is exposed, they should be fined into near-bankruptcy. However, if they minimize data collection and they encrypt the data they do gather in such a way that even the companies themselves can't access it (end-to-end encryption, fully homomorphic encryption, etc), then they should be immune from such fines. I figure that would swing the pendulum towards companies minimizing the reckless "all they can get" collection of users' data.




All you are doing by making such punishing consequences is giving hackers an actual motivation for breaching public companies.

Right now if data leaks, maybe you get some emails and user data which is cool but ultimately useless beyond spam value or for identity fraud, or perhaps for hacking some other financial accounts that may be of some value, but also adds more risk.

But if you know a company could be utterly destroyed with fines, you can open up a huge short position on the company and then publicize the breach somewhere and wait for the stock to drop to zero.

Or maybe you’re a startup and want to eliminate some competitors. Pay off some hackers in bitcoin to attack and breach their servers and watch them go under.

Better to just leave things the way they are now.


You could take your reasoning to physical security, and say that banks shouldn't be expected to protect customers' safe deposit boxes, because a bank robber could open a huge short position in the bank, rob them, and profit from the loss of customer trust.


Nope.

The equivalent argument is that if one branch of a bank gets robbed they should be fined to near bankruptcy, which would almost certainly cause a drop in shareholder value.


Indeed, instead of "Medicare for all," why not "HIPAA for everything"?


Sounds like GDPR


No. GDPR says data is yours to give or not, and direct its use. HIPAA says it has to be kept safe, but it isn’t actually yours, and you can’t just ask that it be deleted.


>Yahoo was destroyed due to its data breach

No, not really.


Exactly, by that point it was beating a dead horse.



