Security Breaches Cost More Than Money
User data doesn’t always have an obvious price tag — so legislation is still required to protect it.
A basic set of user rights on the Internet is a must. Kevin Poulsen, you’ve asked the right question of whether it’s feasible to create helpful legislation that is neither too specific or too broad to be effective. Sam Quigley also makes a great suggestion of limiting consumer fraud liability to a maximum of $50, in order to shift the incentive of fraud reduction to the payment provider. This idea works well when fraud and specific dollar losses are involved.
The challenge, however, is dealing with sensitive data disclosures that do not have a direct financial loss. There is no strict dollar amount when a webcam vulnerability leaks video footage of a home. Nor is there a defined dollar loss associated with a dating application that insecurely transmits location data that can be monitored by others. These situations can impact the health and safety of individuals yet application developers have little incentive, aside from public backlash, to implement security to protect user information.
We shouldn’t let the lack of a defined dollar loss stop us from doing what we know is right.
Applications that handle sensitive user data must be accountable to a basic set of security expectations. The internet is integrated into all aspects of our lives and it’s time to put the security of sensitive user data as a top priority.
The Future of Security Roundtable is a Google-sponsored initiative that brings together thought leaders to discuss how we can best protect ourselves from the data breaches and security risks of tomorrow. Panelists are not affiliated with Google, and their opinions are their own. Read the post that kicked off the roundtable here and feel free to join in the conversation.