Ashley Madison: When Will Responsibility for Privacy Breaches Be Taken as Seriously as Liability for Other Security Breaches?


In the wake of the Ashley Madison privacy breach, people have killed themselves. This is a breach that should be no different from a breach of any other promise by a security provider: it has been the case for years that when privacy is violated, people die. It has just occurred in remote areas where the West can drone people on the basis of surveillance data without news crews reporting much about it. With people dying from the Ashley Madison breach, the very real consequences of privacy breaches are becoming more visible and tangible.

People in the privacy field have long talked about how data breaches are not only the fault of a "rogue hacker", as traditional media (with a considerable interest in the matter) would like to put it, but also a matter of following best practices for privacy and having strong safety engineering. If you do not build a bridge according to best practices, people die. If you do not build a computer system according to best practices, people die. Why is it the supplier's fault in one case but not the other?

In other words, why is privacy always your own responsibility, and never the responsibility of those who promise it to you?

In this case, we have a database of twenty million people seeking to break someone's trust. Regardless of what you think of that as such, it is undoubtedly very sensitive information, in a database that Ashley Madison promised to keep private - even charging heftily for removing profiles (which, it turned out, was not actually done). There are thousands and thousands of other companies that hold sensitive data on you in various forms, and that have likewise promised you in various ways to preserve that trust.

Unfortunately, these promises are mostly in the form of "privacy policies", which have something in common with "environmental policies", "diversity policies" and "social responsibility policies", in that more often than not they are write-only documents: a box to tick, rather than something ever to be read, much less respected. "Do you have a privacy policy?" "Yes, we have a privacy policy." ("What is in it?" "I have no clue.")

From experience we can say that companies generally do not care in the least about protecting your private data, mainly because there is no penalty whatsoever for ignoring their own privacy policies. They can sell a promise that does not exist, one they never had any intention of respecting (or were even aware of having made in writing!), and there are no consequences.

Compare this to a "construction safety policy", which is certainly not a write-only document: it is read thousands of times a day on construction sites to ensure that people do not die from substandard engineering. In addition, construction engineers who are ordered to cut corners flatly refuse to do so on grounds of professional conduct, whereas software engineers are rarely even aware that they are cutting corners on safety and security. There is no obligation to keep your promises. There is not even a requirement to be aware of what security you promised.

When someone kicks the concrete base of a building with their sneakers and it collapses from the mild impact of an ordinary kick, we don't blame the person who kicked it (the "hacker"). We blame the builders, who obviously tried to get away with cheap, corner-cutting, substandard engineering. Why is that not also the case with software engineering and databases containing sensitive private data?

Privacy is security.

An invasion of privacy must be considered as serious as any other breach of security.

In the meantime, unfortunately, your privacy is your own responsibility.
