this post was submitted on 07 Aug 2024
516 points (98.5% liked)

Technology

59589 readers
2936 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
516
2.9 billion hit in one of the largest data breaches ever — full names, addresses and SSNs exposed (www.tomsguide.com)
submitted 3 months ago by fmstrat@lemmy.nowsci.com to c/technology@lemmy.world
142 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Ebby@lemmy.ssba.com 29 points 3 months ago (12 children)

Alrighty, brainstorming time people. If you could write some practical laws, what protections do we need to stop these from happening.

I'm thinking 3 categories: Reporting, oversight, and accountability.

Reporting: all entities holding personally identifiable information (PII) must reach out once every 12 months. This hopefully unveils seedy brokers relying on obscurity. Maybe a policy to postpone notification up to 5 years (something like that) may be available as opt-in.

Oversight: targets of PII have oversight of what is collected/used. Sensitive information may be purged permanently upon request.

Accountability: set minimum fines for types of data stored. This monetary risk can then be calculated and factored into business operations. Unnecessary data would be a liability and worth purging.

[–] RegalPotoo@lemmy.world 22 points 3 months ago* (last edited 3 months ago) (1 children)

Ok, bit of an outlandish idea, but how about something like:

  • Decree that information about a person is the property of that person, and therefore cannot be possessed without compensation. Think of it like intellectual property, but for your personal information
  • Set a standard royalty - say $0.05/year - that must be paid to the owner of that information for as long as that information is held. This forms an incentive to not hold information you don't need, and gives visibility to all the places that are now forced to contact you every year to pay you the royalty
  • Places where you have an explicit contractual relationship with (utilities, banks, ...) could have a clause to set the royalty at $0.00, but this can't be extended to third parties - strong incentive not to transfer information to third parties
  • Unauthorised transfer or loss of information could be considered IP theft, and result in significant civil penalties
[–] Ebby@lemmy.ssba.com 5 points 3 months ago* (last edited 3 months ago)

Wow, you just reminded me of a data use policy I wrote up when I was young and sent a data broker after a security breach!

They laughed at me.

You and I think alike here.

load more comments (10 replies)