The penalty for mishandling mandatory/essential data like social sec numbers, medical and driving records should be much, much higher than just normal PII data. It’s not like I can opt out of having a social security number. It’s forced on us, and then we can get completely screwed over if someone we didn’t even know had the info allows it to be breached. Also, this nonsense about allowing government contractors in and out of information-critical systems like that needs to go away. It’s only done because they can’t attract talent with competitive government wages.
I don’t agree. We need certifications for people who handle the data and better training. We should also require basic things like hashing passwords and having clouds where it is much harder to put data in public buckets.
All it takes is one junior employee to make a mistake one day copying a file.