We can be smarter than this. We need to regulate what corporations can do with our data at every stage: collection, storage, use, resale and disposal. We can make corporate executives personally liable so they know there’s a downside to taking chances. We can make the business models that involve massively surveilling people the less compelling ones, simply by making certain business practices illegal.
Data is a toxic asset. We need to start thinking about it as such, and treat it as we would any other source of toxicity. To do anything else is to risk our security and privacy.
This piece by Bruce Schneier is worth revisiting in light of yesterday’s Equifax breach. We’re in the middle of a fresh wave of outrage over it but, as that fades, we should remember that we can do better than this. Companies and organizations that hold and collect our personal information can do better than this1.
There will be more breaches and we’ll have to deal with the fallout, but we shouldn’t be apathetic about it. Any company that collects that much data about the public should be held to higher standards when storing it (or, better yet, shouldn’t store it at all). An insincere apology and a free year of some service provided by the company that failed to protect our data in the first place isn’t good enough.
They might consider starting by patching nine year old vulnerabilities before they’re exploited. ↩