Most active commenters

    ←back to thread

    Redbox left PII on decommissioned machines

    (digipres.club)
    294 points NotPractical | 12 comments | 16 Oct 24 00:15 UTC | HN request time: 0.503s | source | bottom
    Show context
    larodi ◴[16 Oct 24 06:22 UTC] No.41856126[source]
    Are there any laws in any country governing how such equipment is supposed to be decommissioned in case if bankruptcy?

    This does not seem to be an isolated case, it just happening more and more with advance of technology.

    replies(1): >>41856290 #
    1. nextlevelwizard ◴[16 Oct 24 06:54 UTC] No.41856290[source]
    What are they going to do? Sue the bankrupted company?
    replies(5): >>41856539 #>>41856597 #>>41857315 #>>41857888 #>>41865330 #
    2. michaelt ◴[16 Oct 24 07:37 UTC] No.41856539[source]
    If instead of a load of old computers the bankrupt company had a pile of old tyres, I'd expect the receivers winding up the bankrupt company would dispose of the old tyres properly, paid for with the company's assets before anything is distributed to creditors.
    replies(1): >>41856630 #
    3. Cthulhu_ ◴[16 Oct 24 07:47 UTC] No.41856597[source]
    When a company goes bankrupt, a curator comes in who oversees the decomissioning of the company and its assets; I don't know if a curator is a government agent or a private company (probably either), but they become responsible for the company and in this case the customer data.
    4. nextlevelwizard ◴[16 Oct 24 07:52 UTC] No.41856630[source]
    If someone creates this fucked up compute stack and handles the customer data this poorly, what makes you think they would be any better at disposal even if there was some laws around it? It is not like law makers have any idea either what is going on.
    replies(1): >>41857581 #
    5. larodi ◴[16 Oct 24 09:55 UTC] No.41857315[source]
    Or perhaps make sure it gets sanitised before refurbished and resold. I mean bankruptcy always means debt collector tries to sale assets to cover for losses, no?

    But this does not answer my question. So basically many people here are unaware where such legal framework exist at all.

    6. BlueTemplar ◴[16 Oct 24 10:41 UTC] No.41857581{3}[source]
    They are not the company under discussion.
    7. scott_w ◴[16 Oct 24 11:29 UTC] No.41857888[source]
    If a company dealing in toxic chemicals goes bankrupt, is it functionally legal to just dump them in the nearby river? I’d be amazed if countries don’t have legal processes in place to deal with situations like this and maybe the courts haven’t caught up to this use case?
    replies(3): >>41857921 #>>41860842 #>>41864330 #
    8. relaxing ◴[16 Oct 24 11:36 UTC] No.41857921[source]
    We need a Superfund for data spills.
    9. 01HNNWZ0MV43FF ◴[16 Oct 24 16:13 UTC] No.41860842[source]
    I think there's supposed to be an escrow account where you say like "I'm going to handle X amount of petrol / nuclear material, here's a big pile of cash set aside for cleanup if I dissolve"

    One could do the same for pii. Of course it's cheaper not to, so I'm not sure if anyone actually does this kind of insurance policy

    10. consteval ◴[16 Oct 24 22:07 UTC] No.41864330[source]
    I think historically in the US that's exactly how it's been done, and then we just clean it up later (or never). In the meantime a bunch of people get sick
    replies(1): >>41873375 #
    11. jojobas ◴[17 Oct 24 00:42 UTC] No.41865330[source]
    It would require setting aside some amount in escrow to be used in proper asset sanitation in case of bankruptcy, or at least sanitation getting some priority in asset liquidation proceeds.
    12. scott_w ◴[17 Oct 24 20:22 UTC] No.41873375{3}[source]
    I don’t know the US system but in the UK you have two basic routes to running a business: sole trader or LLC.

    In the former, short of dying, it’s not possible to “disappear,” because you’re personally liable for everything. I’d guess that includes data breaches.

    In the latter, it’s also not really possible because the company must be wound up if it goes bankrupt. In the worst case, the government appoints administrators to wind the company up, who would be responsible for handling the assets.

    Now, if the processes aren’t up to scratch, maybe that’s a thing that needs to be fixed, but the structure is there to do it. At least in the UK.