DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Editorial: Let me make my own decisions, thankyouverymuch

Posted on June 4, 2011 by Dissent

The recent spate of hacks against Sony networks as well as a Congressional hearing where representatives of Sony and Epsilon testified about their recent breaches have  stimulated another round of discussions about whether we need a federal breach disclosure law that preempts state laws, and if so, what the threshold or trigger should be for notification.

Security professionals and those who follow these issues have seemingly split on the issue of whether notice should always be provided.  Some argue that if consumers were to be notified of every single breach involving their information, “breach notice fatigue” would set in, consumers would become numb, and they would wind up ignoring breach notices that might really require they take affirmative action to protect themselves.   What’s the point, some argue, of notifying people of a breach if there’s nothing they can do to prevent harm?  Those who take this position tend to argue that notice should only be required if there is some real “risk” to the consumer, usually framed as financial fraud or identity theft. Others agree there should be a risk threshold, but argue that some risks are greater than breached entities may acknowledge and/or that there are other kinds of risks, necessitating a lower threshold for notification than many corporations might want.

Yet other professionals and privacy advocates argue that every breach involving personal information should result in notification.  For some, the rationale is that it is a matter of trust and ethics – that if a company promised to protect privacy and security and failed to do so, they need to let the consumer know.  Others argue that entities that have been breached have a bias in determining the risk to the consumer and may underplay the risk so that they do not have the expense and potential reputation harm of having to notify consumers.  And yet others – this privacy advocate included – argue that the consumer has a need to and right to make their own decisions about whether there is anything they need to do and they cannot make that decision if information is withheld from them.

Last night on Twitter, I tweeted, “So if 1m ppl might get confused/numbed, does that mean I don’t have to be notified when I want to be informed?”  Somewhat stunningly, one of the discussants answered,  “Yes.”

Even if 99% of the public doesn’t care if they are notified, even if many or even most people might suffer breach notice fatigue,  I do not consent to my individual right to be waived by others.   Paternalistic arguments about protecting me from breach notice fatigue fall into the same category as arguments for censoring content because children need protection and the government knows best.

If you collected my data, protect it.  And if you didn’t, tell me.  I’ll take responsibility for my action or inaction after that, but don’t cover up your security failure in my name.  It just won’t fly.

I recognize that some will correctly point out that the only right I have is a right recognized by a court.  That’s why it is so important for Congress to affirm consumers’ right to be informed of privacy or data breaches so that consumers can make informed decisions.  We shouldn’t be told that what should be our decision has been outsourced to a breached entity or a federal agency.

 

Carousel image credit: © Nikolai Sorokin | Dreamstime.com

Related posts:

  • Court guts much of class action lawsuit against Sony over data breach, but some claims remain
  • More from the Sony Pictures hack: Budgets, Layoffs, HR scripts, and 3,800 SSN
Category: Commentaries and AnalysesFederalOf Note

Post navigation

← What impact will the Sony and Infragard hacks have?
Pointer/reference: Chronology of recent Sony incidents →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.