In a column at InfoWorld, Paul Venezia says there should be more laws to hold companies responsible for protecting the private data they gather on individuals:
Laws have never been able to keep up with the pace of technology. Tragically, it often takes a highly publicized event of gross malfeasance to rattle the legal system into enacting measures that address the gap.
The lack of stoplights and driving laws at the advent of the automobile, the dearth of workplace safety regulations in the age of the American sweatshop — time and again, tragedy precedes legislation, even when common sense would suggest otherwise. And with the onslaught of technology only accelerating, we place ourselves increasingly in the crosshairs in more and more corners of our daily life, with little legal aid in sight. […]
What other industries will have to burn to the ground before we act to reduce the damage that can be caused by a lack of commonsense legislation? The retail industry and credit-card processing, most likely. I’ve spoken out about this before, following the last massive security breach, but it’s apparently happened again. […]
This is where regulations need to catch up to technology — quickly. We need to penalize companies that cause large-scale data breaches impacting millions of people. Before you argue otherwise, these companies do cause these breaches; they are not victims.
We need to declare personal data as a private, regulated commodity. If they are going to collect and maintain data on their customers that can be used by bad actors to steal money and the identities of those customers, they need to be held accountable in ways significant enough that the markets do care. Only then will we see actual change in the way that data is managed and secured.