What Penalty Should Negligent/Incompetent Companies Face When Exposing User Data? T-Mobile Data Breach
I have not been a customer of T-Mobile for something like 20 years.
And yet I received this disturbing letter just recently, detailing a security breach that may have exposed my “name, driver’s license/ID information, date of birth, Social Security number”. In other words, nothing but the most important stuff relating to identity theft.
What business do these corporate crooks have in keeping that sort of sensitive information on me for 20+ years, and in unencrypted form as well? It is not just incompetence, but gross negligence (to not encrypt it), and willfully keeping information which has no legitimate business purpose.
My compensation for my risks are “free” ID theft protection, which means entering my personal information into yet another web form (taking my time and energy to do so), and then being harrassed to pay for it in subsequent years after the free period. I already have such protection from yet another data breach—and I’m paying for it every year.
No, what I want is full indemnnification against identity theft or damage to my credit of any kind, as well as immediate compensation to the tune of $1000 or so.
That would get the attention of these incomepetent and grossly negligent jackasses at T-Mobile and other companies to do simple math: a data breach of a million customers at $1000 each would mean a $1 billion dollar liability. Their shit-grade security practices would be cleaned up quickly. Right now, a leak is just a minor business headache not to be taken very seriously.
Why can’t the US Congress do something useful for the American people, and clean this mess up? Unfortunately, corporations largely own the Congress, so it’s not going to happen.
But were it were to come to pass, at, say, $1000 per customer for leaking SSN or ID, only the most necessary data would be collected. Much of the problem would vanish overnight, as corporations would fear the massive financial penalty, and would quickly realize that they do not really need that information.
It’s about time consumers had real control of their data, and the only way to achieve that is to make it financially risky for corporations to retain it.