A US court has decided that companies that are negligent about data protection can be fined if they are hacked.
From a privacy perspective, this is good news. There are far too many cases where companies are so lax when it comes to IT security and data protection that they are just as responsible for privacy breaches as the hackers.
As an example, we have the Swedish / Danish cases against Gottfrid Svartholm Warg, which focused entirely on the alleged hacker, with no serious attention directed towards the broad negligence at the hacked companies. (In this case it seems that some vulnerabilities have not been addressed even after the case was closed.)
We should also remember that many companies promise more than they can live up to in their privacy policies, thus misleading people. This should open up the possibility of civil litigation.
Hopefully, companies (and government institutions) will now take data protection more seriously.
Link: Court Says the FTC Can Slap Companies for Getting Hacked »