DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

What’s with the increasing demands to have breached entities fined?

Posted on November 4, 2010 by Dissent

There’s been a growing clamor both here and abroad to have entities who have had data breaches fined. And while the ICO has been promising that such fines are “imminent” and will be announced before the end of this month, I find myself wondering why we, the public, are becoming increasingly strident in our call for fines.

Is the desire to see Google fined for its wi-fi mess with Street View or Facebook fined for its numerous privacy problems a matter of schadenfreude because we enjoy seeing others suffer, or is it that we want to see the mighty fall — or is it that we want some small measure of revenge or justice for them having breached or compromised our privacy? Or is it that we’re angry at what appears to be a double standard: that if we make huge mistakes or violate laws, we pay a price, and these companies should, too?

Mulling some possible explanations over, I came up with another thought. As every parent quickly learns, if you keep threatening consequences but never follow through, your threats become empty and meaningless. And maybe that’s what some of this is all about. For a long time, entities have been given dire warnings about what might be, but if it never comes to pass, the warnings lose their effectiveness.

Even though the UK’s ICO, our FTC, and our HHS/OCR have the authority to impose fines, only the FTC has done so to date. Despite the tens of thousands of complaints it has received, HHS has not imposed a single fine for violation of HIPAA or HITECH. It has permitted three resolution agreements, but has not used its power to fine effectively as a deterrent. And so we see some state attorneys general pursuing lawsuits over data breaches while the federal agencies who could be imposing fines are not doing so. A few well-publicized fines would give IT professionals and lawyers the ammo they need to go back to their clients and say, “Look, if you don’t do this right, you could be the next big fine.”

But then again, maybe it all boils down to the public wanting to know that our governments are serious about addressing security and privacy breaches. And maybe the increasingly strident demands for fines is really our way of saying to our respective governments, “If you want us to believe you’re really taking this seriously, then make them put their money where your mouth is.”

What do you think? Should there be more federal fines over breaches or are such fines more likely to backfire as more entities decide to try to hide breaches for fear of fines?

Are you satisfied with how your government has responded to breaches?

Update: Cervello Consultants thinks that the fines are needed in the UK.

No related posts.

Category: Commentaries and AnalysesOf Note

Post navigation

← Capitol Hill credit card fraud wave tied to Broadway Grill
Four plead guilty to stealing cash from victims’ bank accounts, identity theft →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hunters International to provide free decryptors for all victims as they shut down (1)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case
  • Cyberattacks Disrupt Iran’s Bread Distribution, Payments Remain Frozen
  • Hacker with ‘political agenda’ stole data from Columbia, university says
  • Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • DOJ investigates ex-ransomware negotiator over extortion kickbacks
  • Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
  • One in Five Law Firms Hit by Cyberattacks Over Past 12 Months
  • U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute
  • Wisconsin Supreme Court’s Liberal Majority Strikes Down 176-Year-Old Abortion Ban

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.