In the article, the author introduces about the reason why it is hard to punish the companies for data breaches. Sometimes the companies did everything right. Data breaches are because of unlucky, so it is unfair and unproductive to punish them. The hardest part is to determine where the line is between companies that do their due diligence and those that are negligent. Companies do not spend much money on protecting their data. For the companies have data breaches, they should face a combination of consequences that included both fines and corrective security measures. The fines would need to be hefty enough to motivate greater investment in data security and cover their customers’ losses. That makes them understand it is time-consuming and money-consuming if they do not protect data well.
https://www.nytimes.com/2018/10/16/opinion/facebook-data-breach-regulation.html?rref=collection%2Ftimestopic%2FComputer%20Security%20(Cybersecurity)&action=click&contentCollection=timestopics®ion=stream&module=stream_unit&version=latest&contentPlacement=3&pgtype=collection
Hi Xinteng,
I agree with you that there should be significant consequences when a data breach occurs in an organization. My article on facebook data breach similarly reflect this issues. There should be strict laws to protect our data.
It is difficult to determine whether a company was negligent in its security practices and to calculate the monetary value of stolen personal information and the harms inflicted on the people whose data was breached.
Hi Xinteng, your article seems very interesting. But, just friendly remind that I cannot find the link to your article,
https://www.nytimes.com/2018/10/16/opinion/facebook-data-breach-regulation.html