I will admit that a level of fatigue has reached me as well. I am not even sure what would be an appropriate remedy at this point. My information has been all over the place given multiple breaches the past few years (and, I might add, my kid's info too, as we visited a hospital for her once).
Anyway, short of collapsing the current data broker system, I am not sure what the answer is. The Experian debacle showed us they are too politically entrenched to be touched by regular means.
At this point, I am going through life assuming most of my data is up for grabs. That is not a healthy way to live though.
>I am not even sure what would be an appropriate remedy at this point.
It will have to be political and it's got to be fines/damages that are business-impacting enough for companies to pause and be like A) Is it worth collecting this data and storing it forever? and B) If I don't treat InfoSec as an important business function, it could cost me my business.
It is also clear that certification systems do not work and any law/policy around it should not offer any upside for acquiring them.
EDIT: I also realize in the United States, this won't happen.
I agree but I think the problem will be if the consequences are that dire then entire classes of business will cease to exist OR the cost of doing things properly will be passed on to the consumer.
I struggle to see how data brokers, social media, etc. are a net benefit to society so would be happy to see those sorts of businesses cease to exist, but I suspect I'm in the minority.
The State of Illinois is going to lose its "business" already for other reasons. Do you think there is a reasonable privacy regime that prevents health systems from knowing where their patients live or using that information to site clinics?
This has nothing to do with the "data broker system." Reading between the lines it was more of a "shadow IT" issue where employees were using some presumably third-party GIS service for a legitimate business purpose but without a proper authentication & authorization setup.
Assuming your tea leaf reading is correct, that particular third party would not even exist in its current form without the 'data broker ecosystem'. It is, genuinely, the original sin.
Did you actually suffer any negative consequences of these breaches?
I see so many comments about how punishments for data breaches should be increased, but not a single story about quantifiable harm that any of those commenters has suffered from them.
If you want to get more stressed about it and consider the impending dystopian future, I invite you to think about the “harvest now, decrypt later” potential reality that quantum cryptography is going to enable.
At some point, everything that we have ever assumed to be confidential and secure will be exposed and up for grabs.
It is a fascinating future, but wouldn't it imply quantum computing will be even more restricted (either by law or pricing) and AI hardware?
Change name to a very common one. Much better privacy.
I’m from a culture in which families use a very small number of very highly conserved names and non-standard name positions. I’ve noticed this is sufficient to confuse the low-rent data brokers that do statistical linkage. My parents and grandparents and my siblings and my children have all at various points shared addresses and landlines and have overlapping names. The brokers are very unclear on how many people are involved, what sex, what generations, what states.
I grew up around some people with the last name "Null". I often wonder how they're doing for data privacy today.
Would you like 2 years of credit monitoring? Or perhaps you can get $5 from this class action settlement.
I don't even understand paid credit monitoring.
Each of the big three credit bureaus offers free accounts where they email me if something changes and allow me to lock and thaw my credit.