DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

What’s with the increasing demands to have breached entities fined?

Posted on November 4, 2010 by Dissent

There’s been a growing clamor both here and abroad to have entities who have had data breaches fined. And while the ICO has been promising that such fines are “imminent” and will be announced before the end of this month, I find myself wondering why we, the public, are becoming increasingly strident in our call for fines.

Is the desire to see Google fined for its wi-fi mess with Street View or Facebook fined for its numerous privacy problems a matter of schadenfreude because we enjoy seeing others suffer, or is it that we want to see the mighty fall — or is it that we want some small measure of revenge or justice for them having breached or compromised our privacy? Or is it that we’re angry at what appears to be a double standard: that if we make huge mistakes or violate laws, we pay a price, and these companies should, too?

Mulling some possible explanations over, I came up with another thought. As every parent quickly learns, if you keep threatening consequences but never follow through, your threats become empty and meaningless. And maybe that’s what some of this is all about. For a long time, entities have been given dire warnings about what might be, but if it never comes to pass, the warnings lose their effectiveness.

Even though the UK’s ICO, our FTC, and our HHS/OCR have the authority to impose fines, only the FTC has done so to date. Despite the tens of thousands of complaints it has received, HHS has not imposed a single fine for violation of HIPAA or HITECH. It has permitted three resolution agreements, but has not used its power to fine effectively as a deterrent. And so we see some state attorneys general pursuing lawsuits over data breaches while the federal agencies who could be imposing fines are not doing so. A few well-publicized fines would give IT professionals and lawyers the ammo they need to go back to their clients and say, “Look, if you don’t do this right, you could be the next big fine.”

But then again, maybe it all boils down to the public wanting to know that our governments are serious about addressing security and privacy breaches. And maybe the increasingly strident demands for fines is really our way of saying to our respective governments, “If you want us to believe you’re really taking this seriously, then make them put their money where your mouth is.”

What do you think? Should there be more federal fines over breaches or are such fines more likely to backfire as more entities decide to try to hide breaches for fear of fines?

Are you satisfied with how your government has responded to breaches?

Update: Cervello Consultants thinks that the fines are needed in the UK.

Category: Commentaries and AnalysesOf Note

Post navigation

← Capitol Hill credit card fraud wave tied to Broadway Grill
Four plead guilty to stealing cash from victims’ bank accounts, identity theft →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.