Blue Footed Booby posted: There's also the issue that security is impossible to maintain without compliance of employees, most of whom are thoroughly unqualified to understand what they're complying with. Hell is in fact other people. And if you do try to test their compliance and send them for re-training (not termination) if they don't pass, you get called a heartless rear end in a top hat. GoDaddy sent a phishing email to their employees promising a Christmas bonus, and then got roundly criticized for "making the offer too inviting" as if that isn't the whole issue with phishing!
# ? Jan 13, 2021 21:39
The civil standard of negligence should be applicable. If I'm operating a business and I leave a bunch of credit card numbers lying around where anyone can see them, it's a crime to break in and steal them, but it's also negligent on my part to store them in an insecure fashion. If I kept them in a cardboard box that says "confidential!" that's still a bit poo poo, but slightly less negligent. If I stored them in a safe, and I didn't leave the key nearby, that's appropriate precaution on my part, even if the thief breaks into the safe.
# ? Jan 17, 2021 02:44
Still Dismal posted: What is the current law on affirmatively having to secure sensitive information? Are there minimum technical standards or safeguards that have to be employed, or is it a case by case, “if your poo poo gets stolen because your credit card company didn’t secure it enough, sue them and try your luck in court” kind of thing?

Specifically as concerns credit card numbers, I believe the regulations are specified by the Payment Card Industry group, and if you are audited and found to be violating them, good luck having credit cards processed anymore! You might also be liable for any losses that result, subject to the terms of your contract with the credit card processor, but I'm not sure.
# ? Jan 17, 2021 16:32