Quote:
Originally Posted by jyl
...(snip)...Do the companies that obtain and store our personal information have enough incentive to harden their security?
|
^^This is it in a nutshell.^^
It is still "cost effective" for these companies and banks to cover the losses for their customers, issue new cards, and pay settlements on suits. These costs are then passed on to the customers in the form of higher prices, new or higher fees, and cuts in services under the guise of the ever popular, cost of doing business.
Money, of course, is what drives these companies and money (or loss of it) is the only real incentive to get them to take personal security more seriously. We all know that any secure system can be breached--it's an on-going battle that ratchets up the level of security and the sophistication of the breaches whenever it is fought. The penalties should be aimed at those companies that fail to keep pace with the escalating need for more complex and secure systems.
Yes, meaningful monetary penalties may work, but loss of public trust and its patronage is more direct and painful. As long as the general public can live with their loss of personal information being bought off by financial loss coverage and new card or account issuance, there will be no great incentive for companies to improve.