PII Leak Liability
Discussions center on a company's exposure of sensitive personal data (PII), highlighting privacy violations, legal liabilities, compliance failures, negligence, and potential repercussions.
Activity Over Time
Top Contributors
Keywords
Sample Comments
A bit weird to have a company working with such sensitive data not care about privacy.
Throw the book at them. This is highly confidential data, with massive misuse potential. Don't do the crime if you can't do the time, and this sounds deliberate, not accidental or momentary lapse type of thing.
From the customer's perspective, does it matter how their data got out?
Sounds like a potential compliance issue too, if you work with sensitive data.
Are there privacy issues with the data being exfiltrated?
It's rather lengthy and contains lots of repeated verbiage but I didn't see anywhere in it penalties for unauthorized access or leaking of the PII collected. It lists the purpose for collecting the data, what they intend to use it for, and states it cannot be used for purposes other than those listed in the bill but without consequences for violating those provisions, there's little reason for the organizations who are given access to this data to treat it with respect and secure
Depending on what jurisdiction you're in, it still could be a legal risk due to PII leaking.
>Perhaps they dont want any inadvertent leaks of the data to a third party?Little late for this.
What liability is there for not providing data you don't have?
There may be liability attached. But this reads more like "a lot of data that we assumed to be private, and legally must be kept private appeared on a website. Here's everything we know and the steps we have taken." Essentially what happens when there's a screw up and lawyers get consulted about how to disclose it.