DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

What’s with the increasing demands to have breached entities fined?

Posted on November 4, 2010 by Dissent

There’s been a growing clamor both here and abroad to have entities who have had data breaches fined. And while the ICO has been promising that such fines are “imminent” and will be announced before the end of this month, I find myself wondering why we, the public, are becoming increasingly strident in our call for fines.

Is the desire to see Google fined for its wi-fi mess with Street View or Facebook fined for its numerous privacy problems a matter of schadenfreude because we enjoy seeing others suffer, or is it that we want to see the mighty fall — or is it that we want some small measure of revenge or justice for them having breached or compromised our privacy? Or is it that we’re angry at what appears to be a double standard: that if we make huge mistakes or violate laws, we pay a price, and these companies should, too?

Mulling some possible explanations over, I came up with another thought. As every parent quickly learns, if you keep threatening consequences but never follow through, your threats become empty and meaningless. And maybe that’s what some of this is all about. For a long time, entities have been given dire warnings about what might be, but if it never comes to pass, the warnings lose their effectiveness.

Even though the UK’s ICO, our FTC, and our HHS/OCR have the authority to impose fines, only the FTC has done so to date. Despite the tens of thousands of complaints it has received, HHS has not imposed a single fine for violation of HIPAA or HITECH. It has permitted three resolution agreements, but has not used its power to fine effectively as a deterrent. And so we see some state attorneys general pursuing lawsuits over data breaches while the federal agencies who could be imposing fines are not doing so. A few well-publicized fines would give IT professionals and lawyers the ammo they need to go back to their clients and say, “Look, if you don’t do this right, you could be the next big fine.”

But then again, maybe it all boils down to the public wanting to know that our governments are serious about addressing security and privacy breaches. And maybe the increasingly strident demands for fines is really our way of saying to our respective governments, “If you want us to believe you’re really taking this seriously, then make them put their money where your mouth is.”

What do you think? Should there be more federal fines over breaches or are such fines more likely to backfire as more entities decide to try to hide breaches for fear of fines?

Are you satisfied with how your government has responded to breaches?

Update: Cervello Consultants thinks that the fines are needed in the UK.

Related:

  • In 2023, Resolve to Fix Your Organization’s Meta…
  • "I'm Not Pro-Russia and I'm Not a Terrorist!" —-…
  • The Secret IRS Files: Trove of Never-Before-Seen…
  • I had been chatting with a blackhat. They had been…
  • The Ransomware Superhero of Normal, Illinois
Category: Commentaries and AnalysesOf Note

Post navigation

← Capitol Hill credit card fraud wave tied to Broadway Grill
Four plead guilty to stealing cash from victims’ bank accounts, identity theft →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.