(alexschapiro.com)

561 points bearsyankees | 2 comments | 12 May 25 16:39 UTC | HN request time: 0s | source

Show context

ungreased0675 ◴[12 May 25 18:30 UTC] No.43966133[source]▶

I would like to see laws that make storing PII as dangerous as storing nuclear waste. Leaks should result in near-certain bankruptcy for the company and legal jeopardy for the people responsible.

That’s the best way I can think of to align incentives correctly. Right now there’s very little downside to storing as much user information as possible. Data breach? Just tweet an apology and keep going.

replies(2): >>43966149 #>>43967701 #

1. hiatus ◴[12 May 25 18:32 UTC] No.43966149[source]▶

>>43966133 #

> I would like to see laws that make storing PII as dangerous as storing nuclear waste.

This is a little extreme IMO. PII encompasses a lot of data, including benign things like email address stored only for authentication and contact purposes.

replies(1): >>43967395 #

2. pixl97 ◴[12 May 25 20:58 UTC] No.43967395[source]▶

>>43966149 (TP) #

I mean, we could consider email like light waste, can't dump it in the environment like plastic trash, but if you handle it correctly with cheap disposal methods it will be ok.

Things like photos of IDs/passports should be considered yellowcake.

↑

I hacked a dating app (and how not to treat a security researcher)