Should Companies be Responsible for Data Breaches?

John53

I go leaps and bounds
Premium Member
Optus data breach: who is affected, what has been taken and what should you do?

Australia's 2nd largest telco has had a cyber attack that may have exposed the personal details of up to 9.7 million customers. This is a fairly common occurrence these days.

Should companies be held responsible for these data breaches if their customers become victims of identity theft because of them? Even if the customer isn't directly affected, there's still the concern of what could happen and the time needed to safeguard yourself (check accounts, change passwords etc.). Or is the company just a victim of crime?
 

MikeF

Well-Known Member
Premium Member
Optus data breach: who is affected, what has been taken and what should you do?

Australia's 2nd largest telco has had a cyber attack that may have exposed the personal details of up to 9.7 million customers. This is a fairly common occurrence these days.

Should companies be held responsible for these data breaches if their customers become victims of identity theft because of them? Even if the customer isn't directly affected, there's still the concern of what could happen and the time needed to safeguard yourself (check accounts, change passwords etc.). Or is the company just a victim of crime?

What if the company (which in most cases is not a tech company) relies on 3rd party experts to design and implement their protection, or for that matter, the inherent vulnerability of a widely adopted operating platform such as Microsoft Windows. If a company makes good faith concerted effort to protect the system, but fails, how much responsibility for damages should they be responsible for? Perhaps this is just one more area in which companies need to obtain additional specific insurance as the cost of doing business.
 

Stevicus

Veteran Member
Staff member
Premium Member
Optus data breach: who is affected, what has been taken and what should you do?

Australia's 2nd largest telco has had a cyber attack that may have exposed the personal details of up to 9.7 million customers. This is a fairly common occurrence these days.

Should companies be held responsible for these data breaches if their customers become victims of identity theft because of them? Even if the customer isn't directly affected, there's still the concern of what could happen and the time needed to safeguard yourself (check accounts, change passwords etc.). Or is the company just a victim of crime?

I think they should bear some responsibility, since there's a reasonable expectation that their information would be secured.

But even if not, it's worthwhile to know just how secure their system is, so that customers can make informed choices as to whether they want to do business with them or not. It wouldn't look good if their response is "It's not our fault. Those darn hackers are just smarter and better at computers than we are!"
 

John53

I go leaps and bounds
Premium Member
What if the company (which in most cases is not a tech company) relies on 3rd party experts to design and implement their protection, or for that matter, the inherent vulnerability of a widely adopted operating platform such as Microsoft Windows. If a company makes good faith concerted effort to protect the system, but fails, how much responsibility for damages should they be responsible for? Perhaps this is just one more area in which companies need to obtain additional specific insurance as the cost of doing business.

It's a complicated question and I have no idea what the answer is. I had a hard time trying to work out how to pose the question.
 

Truth in love

Well-Known Member
Optus data breach: who is affected, what has been taken and what should you do?

Australia's 2nd largest telco has had a cyber attack that may have exposed the personal details of up to 9.7 million customers. This is a fairly common occurrence these days.

Should companies be held responsible for these data breaches if their customers become victims of identity theft because of them? Even if the customer isn't directly affected, there's still the concern of what could happen and the time needed to safeguard yourself (check accounts, change passwords etc.). Or is the company just a victim of crime?


Lots of details.

1. What did they agree to do in terms of cyber security and did they do it?
2. Are they a government-granted monopoly or are people free to pick who provides the service?
3. What are the best practices and are they being followed?


Ultimately the crooks should be held accountable. If companies are liable for the cost bad people inflict on others, we will have no companies much longer. The cost to the car maker for each DUI fatality will end them.
 

John53

I go leaps and bounds
Premium Member
Lots of details.

1. What did they agree to do in terms of cyber security and did they do it?
2. Are they a government-granted monopoly or are people free to pick who provides the service?
3. What are the best practices and are they being followed?

I don't know about 1 and 3 but they are not a government monopoly.


Ultimately the crooks should be held accountable. If companies are liable for the cost bad people inflict on others, we will have no companies much longer. The cost to the car maker for each DUI fatality will end them.

I agree with who should be accountable but it seems almost impossible to catch them and there are claims that some of it is being done by foreign governments.

I get your point but I think the car one is a bit different. If companies keep our personal details they should be responsible for the security of them. A car company shouldn't be responsible for the behaviour of drivers... in my opinion.
 

MikeF

Well-Known Member
Premium Member
It's a complicated question and I have no idea what the answer is. I had a hard time trying to work out how to pose the question.

Perhaps the solution is to make the information stored in a company's servers perishable. I'm not a computer person, but if there was a way to make name, address, social security number, birthdate meaningless and instead, when a transaction is negotiated, a unique digital signature is created that relates only to the consumer, the vendor, and their respective financial institutions. If a hacker steals this signature, it would be useless outside of the vendor's system, and in the vendor's system could only transfer assets between the consumer and vendor.

I think we may be getting to this stage with two-step verification, etc. Hopefully we will get to the point where there is nothing useful for hackers to steal. Well, in regards to consumers anyway. There will always be a market for intellectual property, trade secrets, and government info/secrets, etc.
 

ChristineM

"Be strong", I whispered to my coffee.
Premium Member
It is taken as given that companies who hold personal data take measures to protect your data.

Secure servers behind firewalls (or even isolated) and data encryption should be minimum standard practice. Unfortunately it's not. The companies who are loath to invest in data security should be held responsible.
 