DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

What’s with the increasing demands to have breached entities fined?

Posted on November 4, 2010 by Dissent

There’s been a growing clamor both here and abroad to have entities who have had data breaches fined. And while the ICO has been promising that such fines are “imminent” and will be announced before the end of this month, I find myself wondering why we, the public, are becoming increasingly strident in our call for fines.

Is the desire to see Google fined for its wi-fi mess with Street View or Facebook fined for its numerous privacy problems a matter of schadenfreude because we enjoy seeing others suffer, or is it that we want to see the mighty fall — or is it that we want some small measure of revenge or justice for them having breached or compromised our privacy? Or is it that we’re angry at what appears to be a double standard: that if we make huge mistakes or violate laws, we pay a price, and these companies should, too?

Mulling some possible explanations over, I came up with another thought. As every parent quickly learns, if you keep threatening consequences but never follow through, your threats become empty and meaningless. And maybe that’s what some of this is all about. For a long time, entities have been given dire warnings about what might be, but if it never comes to pass, the warnings lose their effectiveness.

Even though the UK’s ICO, our FTC, and our HHS/OCR have the authority to impose fines, only the FTC has done so to date. Despite the tens of thousands of complaints it has received, HHS has not imposed a single fine for violation of HIPAA or HITECH. It has permitted three resolution agreements, but has not used its power to fine effectively as a deterrent. And so we see some state attorneys general pursuing lawsuits over data breaches while the federal agencies who could be imposing fines are not doing so. A few well-publicized fines would give IT professionals and lawyers the ammo they need to go back to their clients and say, “Look, if you don’t do this right, you could be the next big fine.”

But then again, maybe it all boils down to the public wanting to know that our governments are serious about addressing security and privacy breaches. And maybe the increasingly strident demands for fines is really our way of saying to our respective governments, “If you want us to believe you’re really taking this seriously, then make them put their money where your mouth is.”

What do you think? Should there be more federal fines over breaches or are such fines more likely to backfire as more entities decide to try to hide breaches for fear of fines?

Are you satisfied with how your government has responded to breaches?

Update: Cervello Consultants thinks that the fines are needed in the UK.

No related posts.

Category: Commentaries and AnalysesOf Note

Post navigation

← Capitol Hill credit card fraud wave tied to Broadway Grill
Four plead guilty to stealing cash from victims’ bank accounts, identity theft →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.