120M American Households Exposed In 'Massive' ConsumerView Database Leak (forbes.com/sites/thomasbrewster)
465 points by wglb on Dec 19, 2017 | 157 comments


Personal data right now is considered an asset. It needs to be seen as a liability.

Maybe the solution is a data tax. You pay a set amount every year for every piece of personal data you have. If you buy personal data from another company, you still have to pay the tax for the data you acquired.

If you have a breach of data, your tax goes up for a period of 10 years.

In addition, every piece of personal data needs to have provenance which must be tracked. There must be a way to track from when a consumer input the data all the way through. Fraud in regards to this provenance is punishable by jail time. If you have data that does not have provenance, the company will be severely fined and people will go to jail. In the event of any data breach, not only will the company that had the breach be taxed extra, all companies that provided the data to the company (which is in the provenance information for the data) that had the breach will also be punished with increased data taxes.

EDIT:

In addition, maybe require annual personal data reports. The reports should contain

Amount of personal data.

Amount of personal data last year.

Data breaches.

Amount of personal data acquired directly from consumers.

Amount of personal data purchased and from whom at what prices.

Amount of personal data sold and to whom for what price.

This will be a filing to a government agency every year on penalty of perjury and be signed by all the board members and the c-suite. This will be publicly made available by the government. That way people can see what is happening with their data, and who is profiting off their data.


Instead of a data tax, I like the idea of mandatory data insurance, with payouts to users whose data is leaked/stolen. If your company has shitty security, or a history of leaks, your data insurance provider will charge out the ass.

The financial math has to clearly be on the side of it being more profitable to practice proactive security.


Without data provenance (i.e. a data chain of custody), corporations will just "subcontract" it out to the lowest bidder. There need to be consequences all the way up the chain to everybody that provided the data. This way, the people with bad security won't even get the data in the first place because no one will risk their data with them.


Regulations like EU GDPR require such provenance - you can subcontract if you wish, but you're still liable if your subcontractor fails in some way.


> I like the idea of mandatory data insurance

Why not just liability for lost data? Companies could then choose to hold the risk themselves or field it out to insurers.


If it doesn't need to be insured, you could just spin off a smaller entity responsible for holding the data for you, and shut the company down if the data leaks. You can do the same if insurance is required of course, but any brand new 'personal data holding' company would likely have very high insurance premiums to offset the risk.


It's fairly common in the temp employee industry that if a temp worker gets injured the temp agency folds and restarts to avoid the penalties.

It would be nice to require insurance or a bond to hold personal data so a company can't just disappear when data is lost.

[0]: http://projects.thestar.com/temp-employment-agencies/


And people wonder why I am so hostile to our way of creating and governing corporations, and our way of divorcing business from the lives and reputations of those who run it.


While simultaneously championing corporate personhood.


Holy shit.

This is exactly what I mean when I say that, if you want to see real corruption, just take a look at regular small businesses around you.

https://news.ycombinator.com/item?id=15950934


> If it doesn't need to be insured, you could just spin off a smaller entity responsible for holding the data for you, and shut the company down if the data leaks

If this is possible without insurance then it’s possible with, and every insurance company will mandate the structure to limit payouts. Mandating insurance simply entrenches the insurers. Why, for instance, would you want to require Apple to purchase insurance against its users’ data?

Side note: beneficial ownership [1] and affiliate definitions [2] are useful for such cases.

[1] https://www.investopedia.com/terms/b/beneficialowner.asp

[2] http://rule144opinion.blogspot.com/2014/02/rule-144-are-you-...


> If this is possible without insurance then it’s possible with, and every insurance company will mandate the structure to limit payouts.

You can't limit insurance payouts this way, because the entity has to carry the insurance. You only limit the exposure of the larger entity after the assets of the liable entity, including any insurance coverage, are exhausted. But the more the mandatory insurance level is, the less likely spinning off to protect the parent is to ever be valuable, and it never protects the insurer, so they won't mandate it.


That doesn't necessarily limit your risk exposure if litigation ensues. Anyone going after you (or the data holding company in particular) is going to attempt to pierce the corporate veil. And while that's not necessarily easy, it's still common enough. In that situation, it's almost inevitable that the separation won't be clear and strong enough to avoid being pierced.

Of course, that's all irrelevant unless there's a significant change in how the law treats data security.


It seems to me that doing so should somehow constitute fraud. It would be better if the law could be changed to make sure it is penalised as such.


Isn't this where "piercing the corporate veil" comes into play?


Seems to me substantial liability will create a market for insurance of this sort anyway.


This exists and companies purchase it, ex: https://www.thehartford.com/data-breach-insurance

Risks (all kinds, not just technical) can be accepted, ignored, transferred and mitigated so it is important to have this option.

It's still not a great option for anyone involved as it is hard to price and, last I checked, had a pretty low ceiling on payouts.


Just set a value on the data, a monetary value, and the rest will naturally emerge through insurance and due diligence by insurers.


And since no insurance provider enjoys compensating millions of people, it would be very likely they would fiercely fight those responsible for the leak.


> payouts to users whose data is leaked/stolen

What would the actuarial standards be for something like that?


I'm assuming the strength of your password, and the security practices of the company storing data. E.g. if a company only uses SHA-1 for storing passwords, premiums skyrocket.


Sounds like the offspring of FIPS 140-2 and PCI. Have fun with that.


Yeah. I wouldn't advocate for a law like that at all. Too much governmental control over business practices.


Troy Hunt just published an article today (Dec 19th) titled "Fixing Data Breaches Part 2: Data Ownership & Minimisation", which discusses this exact topic [1]. The entire post is worth a read, but he offers an excellent summary:

> Summary: This whole post is about giving control of data back to the rightful owners and minimising the impact on them when a breach occurs. This is equal parts a fundamentally simple objective to achieve and one that is enormously difficult. It's simple not to request that someone provides their date of birth to a cat forum; neither the site nor the user themselves lose anything by not collecting this data. Yet it remains a difficult objective because not only do so many services continue to view our data as an asset, they never expect to be the victim of a data breach which then turns that data into a liability.

[1] https://www.troyhunt.com/fixing-data-breaches-part-2-data-ow...


> Personal data right now is considered an asset. It needs to be seen as a liability.

In Europe, especially with the upcoming GDPR laws, data is seen as a liability by many companies.

Data being a liability just means that companies need to think twice before storing it - if the data is sufficiently valuable, companies will still store it, but they have to manage it properly and mitigate risks since penalties are harsh.

Storing data "just because you can" will no longer be worth it, and rightly so, given the risk.


It's my data, why should they pay a tax to the government for it? How about a data royalty. You use my data, you must pay me a royalty.


Yes! And if you “lose” my data you owe me big money.

Also have the fine scale exponentially by data items.... data set of 100 people with 2 items (name and email = $400 total or ($2x$2=$4 per user x 100 users)).

Data set with 1 million users and 10 fields per user would be $1B and $1,024 paid to each person...

Then make companies bond their liability - with recourse against anyone up the chain of title if the data was purchased...

Perhaps a bit draconian...


You've just shut down every personal blog and small (or medium or large...) forum on the Internet.


Anonymous data is not the same thing. There's no reason to jump to regulation of data without a legal trail.


What's anonymous data? If I have an e-mail, a screenname, and an IP, I bet I could identify at least the household with a much greater than 0% success rate.


The royalty is free access to Facebook, instagram, [insert free web service name here]


And for the services that I paid for that lost my data?


"It's my data" - this is absurd.

Observations I make are mine, if I observe you it's my observation.

I can tell stories about my observations, but if I make public statements about you that are false, that's a tort.


This is what needs to happen. "identity theft" is what people fear. It would not happen if the banks got sued for big money and lost every time they lied to credit agencies about debts you did not default on. All this data breach stuff is mostly a bait and switch tactic from the real problem stemming from bank slander.

Your security clearance report stolen by the Chinese from the US government OPM database [1]. This could be a real problem for you. Information anyone can get by paying for it? This would not be a problem if credit fraud and credit reports were not such a big problem.

[1] https://www.nytimes.com/2015/06/05/us/breach-in-a-federal-co...


"if the banks got sued for big money and lost every time they lied to credit agencies about debts you did not default on" is pretty much the situation in most (all?) of EU; if you dispute the claim, then the debt can't be reported to anyone else unless they can prove that it was you, and no, "they knew your magic number and your mother's maiden name" doesn't count as evidence.

Coincidentally, we don't have the same types of mass identity theft issues that USA has.


You're not observing anything, you're asking for the data


If that were true, your "observations" of a movie would give you the right to reproduce it, and that's not the case today.


Generally facts can't be copyrighted. I think a lawsuit about copying the phone book contents is usually given as the basis for that legal precedent.


Observations of behaviour are not normally isolated to facts, they're integrated to create models of behaviour.

I was specifically giving an example of why your observations don't automatically mean you have ownership today. I'm personally in favour of laws that ensure such observations are more explicitly owned by the observee in corporate scenarios.


Sounds like a blockchain solution in the making... /s


Haven't you heard... It's all about blockchains of blockchains these days. Gives you ln(n) time instead of n. There is also interesting work in leader follower blockchains.


I assume they also give you n^2 of global energy waste instead of n...


I didn't think of that but yes that is an added benefit


Bruce Schneier had a blog post last year, 'Data is a Toxic Asset'. His ideas about what to do are... "We need to regulate what corporations can do with our data at every stage: collection, storage, use, resale and disposal. We can make corporate executives personally liable so they know there's a downside to taking chances. We can make the business models that involve massively surveilling people the less compelling ones, simply by making certain business practices illegal."

[0] https://www.schneier.com/blog/archives/2016/03/data_is_a_tox...


> Maybe the solution is a data tax

Credit reporting and debt is a dumpster fire that needs to be rebuilt from scratch.

We need a new system where knowing the right pieces of information does not allow you to buy a car in someone else's name.


> We need a new system where knowing the right pieces of information does not allow you to buy a car in someone else's name.

Identity is information. Ownership as a coherent social process is contingent on shared information.


I think the solution is more that "personal data" needs to stop existing.

Either it's private, and then NOBODY has it (i.e. stored on local machines, paper or just memorized), or it's not private, and then it's publicly accessible on a website, or it's confidential and then it's either service-specific data that is deleted as soon as possible (e.g. web searches) or given along with a physically signed contract containing an NDA and penalties for failure to keep secret.

The best way to achieve this is to require, by law, companies to publish on the web anything they learn from customers that is either not strictly part of their interaction with the service or has been stored for more than a month.

This will result in companies no longer asking for things that customers don't want to be public, and deleting interaction data unless the customer wants it kept and published.

Also it will result in a reduction of Google/Facebook/etc.'s monopoly powers since they will have a reduced monopoly on customer data.


I would love to introduce you to the GDPR. It does almost all of what you propose, and it goes into effect in May in Europe.


Given the data stories that happen pretty much daily now, at this point I'm waiting so hard for GDPR that I'm considering throwing a welcome party at 25th of May, 2018.


But why is it an asset to begin with? Why did it not stay a liability?

I hear things about how the data is the 'real' product, and how it's mostly used just to train algorithms that are then used to sell ads. More data, better training algos, better ad targeting, more money spent.

But that data can be remarkably easy to spoof and goof with. Garbage in = garbage out. That would be a liability to the algos, the real weak links.

So, I think that a tax is not the best idea.

Rather, the data needs to be made into 'garbage'. Yes, an obfuscation race will ensue, but there is always more trash than gold, more noise than signal.

If we really want to change the game, we need to have easy to use apps that will throw a minute amount of static on the instagram photos, that will put just a bit of background on the phone calls, and that will throw a small bit of random words into the emails.

Yes, PGP does this already, but we all know PGP is not easy to use (by design?).

We don't need 'total' security and safety, just a bit of fuzz will screw with the algos enough (thus the start of the obfuscation race/war)


Keeping personal data is fine. The issue is that everyone involved with handling the data has a cavalier attitude. They just shrug when it is leaked because it is no skin of their back.

The solution: lawsuits. The laws need to be relaxed where if a company leaks data, we are entitled to damages. Just like if someone assaults you on the street you are entitled to damages.

The most famous case is McDonald's. When their hot coffee scalded a woman, she was awarded damages. Suddenly, every food serving establishment took care to make sure the temperature was right, printed warning labels, and told customers to be careful...it's hot.

Pretty sure if some of these companies get stiffed with huge fines, everyone will take notice and clean up their act.


Instead of a tax, how about extending the cumbersome PCI Compliance regulations to all personal data? How many of you would store credit card numbers willy nilly today even if asked by a client? :-)


> Personal data right now is considered an asset. It needs to be seen as a liability.

What an excellent insight. You changed my conception of the problem. Thanks!


Virtually all ... assets / goods / services ... have both some positive and potential negative value. There's a component of risk.

This gets complicated when the interactions themselves are complex and indirect. I'm looking at some general notion of complexity, in terms of scale, structure, and depth, but one general notion I'm working toward is that of intermediation -- the distance, think of it as a depth in nodes -- between the observer and observed. The shallower that depth, the simpler the interaction, the less intermediated the relationship.

Node complexity also matters. Jumping through dumb pipes is one thing, passing through complex relays another. The children's game of "telephone" exemplifies this -- contrast that to simply passing a note down the chain. The note (written on paper) is physically transported. The verbal message is passed from one person to the next.

(We're ... starting to see bits of this emerge as our comms networks become more complicated, and powerful in processing capabilities.)

Back to value/liability: any given opportunity or action has some positive potential and some negative one. We tend to pursue actions with a high probability of success, and where negative consequences are either rare, or, and this is problematic: vaguely defined or difficult to articulate. That is, there's a risk, but you don't know how big that risk is. And in cases it's huge: tetraethyl lead, asbestos, tobacco, CFCs, fossil hydrocarbons.

But it takes years or decades to establish the risk. And there's a strong motivation to denying it or suppressing the message.

Data falls into that class of goods (or bads).


Currently it is illegal to sue a company for personal harm that results from a data breach.

We could start by repealing that nonsense.


Taxes are good for discouraging directly harmful activities or internalising externalities. I'm not so sure they're the right mechanism for costing risk, though as an alternative to insurance, that's a possibility.


Personal data is already a liability in the medical space. How’s HIPAA made that any different? Are those databases breached just as often, but of little interest?


A relative of mine works in IT for a non-US hospital. (Avoiding naming it because of backlash potential, both for him and myself.)

When he started there, as bottom level IT support, he had access to everything. Admin passwords, doctor's passwords, he could write prescriptions and put a doctor's name on it. He could order anything and everything, and send it anywhere. He could read your medical files, if you were a patient there at any time. There were no restrictions, only some logging.

The place is only >>this week<< securing the network, because the last security guy quit and a new guy started.

I don't know what it's like in the US, but where he is there should be regular audits and criminal negligence charges for this kind of thing.


For the first 100 years, we just arrested folks who actually faked records or stole things. Now we do it if they don't make it impossible?

I know, networks change everything. But inside a secure facility it's often (always) the case that personal integrity (and maybe some audits) is used to ensure correctness most of the time.

Somebody working in a hospital could steal prescriptions off patients' tables, could lift wallets and purses, heck could even take a knife and attack people. But instead of hobbling everybody and locking everything up, we instead trust folks. And take action when somebody untrustworthy violates that.


> For the first 100 years, we just arrested folks who actually faked records or stole things. Now we do it if they don't make it impossible?

First, "impossible" is taking the argument to the extreme. Second, the insecure network OP described is negligence. Perhaps they were even reckless. That's not a new concept.


You're going to make the cost of doing business prohibitively high.


Most businesses don't need to store sensitive private data, it's a convenience and marketing benefit for them. The few domains that really do have a need for this data can afford to handle the data properly; and all other business should consider the cost of handling that data prohibitively high, and simply do their business without that data.


Good. If your business depends on collecting tons of personal information from people, and storing it in a way that puts innocent people at risk, your business does not deserve to exist.


Sounds real easy to implement and very easy to regulate.


Maybe, but how do you quantify this data? And also there must be a way to not let this affect small businesses.


Now this would be a great use case for a blockchain based database.


It's both!


> If you have a breach of data, your tax goes up for a period of 10 years.

You do know it is impossible to thwart all data breaches, right? You can have the most sophisticated security system created and zero-day attacks are still bound to occur. Data breaches occur without the companies themselves even knowing they took place... Geniuses are on the offensive side; if they want in, they will get in. No company in its right mind would agree to pay a tax when the inevitable happens. Just my 0.02


> You do know it is impossible to thwart all data breaches, right?

False. No system, no breach. No data stored, no possibility to lose it. Accept the liability for having the data or don't have it.


If you can't keep the data secret, then maybe don't store data worth stealing. Yeah, breaches will always occur, but this data shouldn't have been piled up in the first place.


> You do know it is impossible to thwart all data breaches, right?

As RcouF1uZ4gsC's proposal contains measures to be taken when it happens, I strongly suspect that he does, in fact, know that.

> Zero-day attacks are still bound to occur... Geniuses are on the offensive side.

Most of the breaches have required neither of these. The goal is to improve the practice of security to the point where the only successful attacks would require both.

> No company in the right mind would agree to pay a tax when the inevitable happens.

You have a very unconventional idea of how companies generally operate.


> I strongly suspect that he does, in fact, know that.

His proposals imply that he does not in fact realize that zero-day attacks occur. Negligence is one thing, but having state of the art security systems and still being punished for a breach is another thing. A state sponsored group with enough time and money can repeatedly infiltrate a system. A tax certainly won't solve the problem.


I think you're missing the point entirely.

If your business is such that a tax penalty on a breach would make you no longer able to afford to do business, then you have two options: 1) don't store the data in the first place, so your risk now goes to 0; 2) scrap your business plan, as the cost of holding the data given the impossibility of preventing every breach is greater than the economic value it would generate.

Today you don't have to really think about what the cost of losing the data is because your portion of it is 0. That's stupid. It's like every startup deciding to include a new type of coffee machine that includes a small nuclear reactor - sure, we can't prevent all possible disaster scenarios, but the marketing people and data people REALLY LIKE having this type of coffee available, and the government isn't giving us any reason NOT to have it, so why not?!

So if a tax either makes you put money aside to account for the risk, or shuts down a bunch of frivolous examples of personal data collection, it's solved a huge part of the problem.


You are using rare, worst-case events to, in effect, excuse the currently abysmal state of security. When we have reached the point where zero-days account for almost all the remaining successful attacks, we can revisit the question.


The linked article is not very good imo. It goes into almost no detail, despite including two directly contradictory statements: "Yet another cloud storage misconfiguration has exposed personally identifiable information (PII)" and "the data in question contained no names of any individuals or any other personal identifying information"

Can we change this to link to the Forbes article referenced in the linked one? It goes into substantially more detail, including reconciling the researcher's claim with Experian's. https://www.forbes.com/sites/thomasbrewster/2017/12/19/120m-...

edit: didn't even notice the substantially more click-baity headline "Every single American household" vs. "120 million American households".


The Forbes article also points out that the DB is now secured. I have 2 take-aways:

1. This isn't an announcement that our details have been leaked, so much as a reminder that our details are now and will perpetually be leaked, in one form or another by an externalized party.

2. Databases mapping all American households exist.


I worked at Experian and had access to ConsumerView by way of any number of crazy integration schemes that were/are perpetually making a mockery of security protocols in order to meet deadlines and please clients. Pretty much anyone with network access could download a copy and walk out with it.


> 2. Databases mapping all American households exist.

And they can be pretty comprehensive. Short anecdote but the last time I moved, and before I had updated any address information on my accounts/ID, the first piece of non-forwarded mail I received addressed to me was a credit card offer from AMEX. I still have absolutely no clue how they knew where exactly to send it to me.


I'm assuming a lot here, but there is always the chance that your door-to-door post man or woman went to deliver any generic piece of mail to your old address only to find out you no longer lived there. I'm fairly sure there is a mechanism in place where a post man or post office can set a recipient as "moved" or "moving" to let the entire postal system know that, until that recipient's new address is figured out, no mail should be going to the old address.

That said the cynic in me won't allow the positive optimist within me to win this one. While I do believe there to be many wonderful postal workers I am going to assume that corporate greed is winning out over the kindness and caring of the human heart in this specific situation :(


There is that mechanism but you have to trigger it yourself via the USPS website or by going to the local post office.


Indeed, databases mapping all American households have existed, and been sold and re-sold, for decades.

Compared to Equifax, this is nothing. Why? Because this data can't be used for identity theft, and it's been widely available in downloadable, fully portable form for 2 decades.


FYI, 120 million American households is only a few percent off from being all American households. That part at least is fair.


Huh, apparently there are about 125 million households in the US. I didn't realize it was that close.


I am very curious to learn what steps those 5 million households had to take to keep themselves off that list.


Probably living in extreme poverty is sufficient.


Not having a permanent mailing address, utility bills, or a bank account would do it.



The Forbes article is good. The original linked article is so poorly written, I thought it was a sham.

The Forbes article says that the US is one of the few countries that does not have laws requiring the protection of such information. But let me ask: what would a new law change about this particular incident?

Unless the law specifically requires that someone go to jail, then the law will make no difference. The owner of the data didn't mean to expose it all. It just happened.

We already know that when companies flout the laws, no person goes to jail. The company pays a fine and everyone continues doing what they were doing. The punishment is irrelevant. With this kind of repercussion, laws are ineffective.


Set a value on the info, a statutory value, and suddenly a breach can bankrupt you, you seek insurance, and the insurers want due diligence of your infosec.


Thanks for the link, this is the one for grown-ups.


Apparently anyone who wants this data can simply purchase it from Experian. The leak doesn't change anything except the price.


Back in the day (20 years ago) you could buy a CD with everyone's name, address, phone number and so on...


Lotus Marketplace caused quite a stir back in the day. Seems rather quaint today. https://en.wikipedia.org/wiki/Lotus_Marketplace

My understanding is the information was readily available to businesses from other sources. It just popped up on people's radar because Lotus was such a high profile company at the time.


Bingo. Ironically, the party that got screwed here is Experian since your PII is their saleable asset.

If you want to be mad, be mad about that, not the fact that somebody applied a publicly readable bucket policy to some data they paid tens of thousands of dollars for.
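The "publicly readable bucket policy" mentioned above is the kind of misconfiguration a defender can catch before data is exposed. The following is an added example, not code from the thread or from any vendor: a small checker that flags S3 bucket policy statements granting object reads to anonymous principals. The two sample policies, bucket names and the account id are constructed placeholders.

```python
import json


def _as_list(value):
    """IAM policy fields may be a single string/object or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principal_is_public(principal):
    """True when a statement's Principal grants to everyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def action_grants_object_read(actions):
    """True when the Action list covers s3:GetObject, directly or through a wildcard."""
    for action in _as_list(actions):
        action = action.lower()
        if action in ("*", "s3:*", "s3:getobject"):
            return True
        # Prefix wildcards such as s3:Get* also cover GetObject
        if action.endswith("*") and "s3:getobject".startswith(action[:-1]):
            return True
    return False


def find_public_read_statements(policy_json):
    """Return one finding per Allow statement that lets anonymous principals read objects."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not principal_is_public(stmt.get("Principal")):
            continue
        if not action_grants_object_read(stmt.get("Action")):
            continue
        findings.append({
            "index": index,
            "sid": stmt.get("Sid"),
            "resources": _as_list(stmt.get("Resource")),
            # A Condition (e.g. aws:SourceIp) may narrow the grant; still worth review
            "conditioned": "Condition" in stmt,
        })
    return findings


def is_publicly_readable(policy_json):
    """An unconditional public read grant is the leak-grade misconfiguration."""
    return any(not f["conditioned"] for f in find_public_read_statements(policy_json))


# Constructed sample policies; bucket name and account id are placeholders.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowEveryoneRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-marketing-data/*",
    }],
})

LOCKED_DOWN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AnalystsOnly",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/analyst"},
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-marketing-data",
                         "arn:aws:s3:::example-marketing-data/*"],
        },
        {
            # Deny statements never grant access, so a "*" principal here is fine
            "Sid": "DenyUnencryptedTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-marketing-data/*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

if __name__ == "__main__":
    for name, policy in (("public", PUBLIC_POLICY), ("locked-down", LOCKED_DOWN_POLICY)):
        print(name, find_public_read_statements(policy))
```

The checker covers the bucket policy only; object and bucket ACLs are a separate grant path and need their own check.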


This.

Well said.


At this point the only reasonable conclusion is that all of your bio/demo, employment, residential history, medical history, insurance claims history, credit history, etc is exposed. These things are no longer valid for identity verification.


Here's the report from UpGuard, who found the breach: https://www.upguard.com/breaches/cloud-leak-alteryx

It has more detailed information about the dataset.


Exactly this. Data intermediaries should only be notaries.


All personal information sharing should now be purely digital and encryption-keyed. We have all of the protocols, interconnected networking and ubiquitous computing necessary to make it practical.

The only “data” any organization should receive is an encrypted blob that is constructed using the key of the person who owns the data and the key of the entity that was directly given the data. Furthermore, the encoded blob should have a date of encoding and a duration of validity. In other words: “I, John Q. Public, authorize You, DataLosingMegaCorp, Inc., to receive This Blob, which is valid for 6 months or until either party revokes the key”.

Other public systems in society should be upgraded to require additional layers of security. Want to send commercial snail mail to my home address? Great: please provide the postal service with a one-time authorization code that you received from me (after all, you are using an address given to you by me and not bought from somebody else, right?).

Another nice feature would be for data to include bank deposit info for the data owner and bank withdrawal info for the data-receiving entity, where EVERY SINGLE TIME your data is decrypted you receive a cash deposit from the data-receiving entity. And make it sting, a lot: I want it to cost real dollars to use data (and of course, I can still revoke my key at any time if you still manage to do something stupid with my data).
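A model of the time-limited, two-key, revocable blob proposed in this comment, as an added example that is not the commenter's code: the owner's tag authorises the release, the recipient's tag binds the blob to the one entity it was given to, and opening fails on tampering, re-sharing, expiry or revocation by either party. It assumes HMAC with shared secrets as a library-free stand-in for the owner's signature and encryption to the recipient's key (so the opener here needs both secrets; a real deployment would use asymmetric keys); all names, secrets and the timestamp are constructed.

```python
import hashlib
import hmac
import json

SIX_MONTHS = 6 * 30 * 24 * 3600  # approximate; the validity window from the proposal


def _canonical(obj):
    """Stable byte encoding so both parties compute tags over identical input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _tag(secret, payload):
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def issue_blob(owner, recipient, data, issued_at, valid_for, owner_secret, recipient_secret):
    """Owner releases `data` to one named recipient for a bounded time (stand-in crypto)."""
    grant = {"owner": owner, "recipient": recipient, "issued_at": issued_at,
             "valid_for": valid_for, "data": data}
    body = _canonical(grant)
    return {
        "id": hashlib.sha256(body).hexdigest(),       # what either party revokes by
        "grant": grant,
        "owner_tag": _tag(owner_secret, body),        # stands in for the owner's signature
        "recipient_tag": _tag(recipient_secret, body),  # stands in for encryption to the recipient
    }


def open_blob(blob, now, owner_secret, recipient_secret, revoked_ids):
    """Return ("ok", data) or ("<reason>", None); each branch is one way a grant fails."""
    body = _canonical(blob["grant"])
    if not hmac.compare_digest(blob["owner_tag"], _tag(owner_secret, body)):
        return ("tampered-or-unauthorised", None)
    if not hmac.compare_digest(blob["recipient_tag"], _tag(recipient_secret, body)):
        return ("wrong-recipient", None)   # resold or forwarded blob: not for this entity
    if blob["id"] in revoked_ids:
        return ("revoked", None)
    grant = blob["grant"]
    if now < grant["issued_at"]:
        return ("not-yet-valid", None)
    if now > grant["issued_at"] + grant["valid_for"]:
        return ("expired", None)
    return ("ok", grant["data"])


def revoke(blob, revoked_ids):
    """Either party revokes by publishing the blob id; opening then fails for everyone."""
    revoked_ids.add(blob["id"])


# Constructed demo values
OWNER_SECRET = b"demo-owner-secret"
MEGACORP_SECRET = b"demo-megacorp-secret"
OTHER_SECRET = b"demo-other-secret"
T0 = 1513641600  # constructed issue time (2017-12-19 00:00 UTC)


def demo():
    """Walk the blob through each outcome; returns the status per scenario."""
    revoked = set()
    blob = issue_blob("John Q. Public", "DataLosingMegaCorp, Inc.",
                      {"postal_address": "1 Example St"}, T0, SIX_MONTHS,
                      OWNER_SECRET, MEGACORP_SECRET)
    results = {
        "fresh": open_blob(blob, T0 + 86400, OWNER_SECRET, MEGACORP_SECRET, revoked)[0],
        "resold": open_blob(blob, T0 + 86400, OWNER_SECRET, OTHER_SECRET, revoked)[0],
        "expired": open_blob(blob, T0 + SIX_MONTHS + 1, OWNER_SECRET, MEGACORP_SECRET, revoked)[0],
    }
    edited = json.loads(json.dumps(blob))   # recipient tries to stretch the window
    edited["grant"]["valid_for"] = 10 * SIX_MONTHS
    results["tampered"] = open_blob(edited, T0 + 86400, OWNER_SECRET, MEGACORP_SECRET, revoked)[0]
    revoke(blob, revoked)
    results["revoked"] = open_blob(blob, T0 + 86400, OWNER_SECRET, MEGACORP_SECRET, revoked)[0]
    return results


if __name__ == "__main__":
    print(demo())
```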


A big problem with this is that a lot of data about you isn't owned by you. The fact that you took out credit card X on Y date and have paid the balance on time since then is owned by the credit card company you do business with (well, it belongs to you too, but businesses are more willing to trust Chase than you). This information has real business value from being a leading indicator and costly signal of your future propensity to repay debts.


At the risk of speaking for OP: The point is that the data should be owned by me. Yeah, I get that it has value to other people, but I'm the one that has to deal with the fallout, not them. Just because something is useful to a business doesn't mean that they have the right to it. If they want information about me, they should be asking me, not some third party.


I don't disagree, but then how do we trust it? I suppose (thinking out loud) that we could have everyone on your credit report sign it, but then encrypt it to your public key? That way only you can let others see it, but it's still tamper-proof.


There's a legit need for tampering, though - to arbitrate disputes between creditors and debtors. Also to comply with the Fair Credit Reporting Act. So there are four parties that contribute to the document:

1. Credit applicants, who release all-or-none of their credit report information, and can see it at any point in time. Means it needs to be stored encrypted with their public key.

2. Creditors, who can add, edit, and remove information from someone's credit report. Presumably this adds a way to verify that the addition/edit/deletion is from them and not some other party (sign with private key).

3. Other creditors, who can - with approval - view an applicant's credit report and know it is complete and up-to-date.

4. Arbitrator, who resolves disputes and deletes or corrects inaccurate information from reports.

And presumably you'd want some sort of additional safety mechanism to prevent dissemination of the unencrypted result? Like, if you gave an organization an unlock code, maybe it's possible to arrange things such that that organization's private key is able to create legit-looking data, so nobody else could trust third-party sharing of credit report data?


This is nonsensical--your interactions with other entities belong to them just as much as you. Chase gets to talk about their experience with you just as you may talk about your experience with Chase.


I never said they couldn't. But they don't need my personal, non-public info to do that.

And if the interaction does also belong to them, why don't I get access to their data?


>At issue is once again an Amazon Web Services S3 cloud storage bucket that was misconfigured and inadvertently left open to the public internet, where anyone with a connection online could have found it.

I use S3 and I have noticed that by default it's locked down and secure, and in order for it to be open you have to open it to the public. Maybe AWS could improve the way it secures S3 buckets by making it easier to whitelist access by IP or some variant of this. I personally find it fairly straightforward to use in the projects I work on, but it appears it may be difficult, and my developers just open it up to the public so their apps can easily access it.


> Maybe AWS could improve the way it can secure the S3 buckets

Maybe we can start holding companies accountable?

This isn't someone hacked into their system. This is just being negligent.


It is just _so_ easy to make the whole thing public vs. what it takes for more granular privileges (though I do agree that it's pretty straightforward if you understand how to set bucket policies, etc.). It's really just a couple of clicks in the console - it's a classic usability vs. security problem.


I have never used it so I don't know how clear the UI is, but if we keep seeing people making the same mistake (leaving an AWS repository open, leading to a major data leak) then perhaps there is something wrong with the UI, and with how easy AWS makes it to access a private repository.

Also what I don't understand is do AWS storage buckets have directory listing enabled by default? How can a third party guess the URL, unless it is something obvious like /backup.csv.


My biggest problem with S3 is the old multi-layered security model with bucket policies and ACLs. They need to update it to just use IAM like everything else.
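As an added example (my code, not the commenter's and not s3tk's), here is the static check a reviewer would run over the two layers that comment mentions: the bucket policy and the bucket ACL, in the JSON shapes `aws s3api get-bucket-policy` and `aws s3api get-bucket-acl` return. The policy and ACL documents are constructed for the demo; `example-bucket`, the role ARN and the account ID are placeholders. The policy check carries the caveat a practitioner wants: a Condition block narrows how a wildcard grant may be used, not who may use it (aws:SecureTransport only forces HTTPS), so conditional wildcard statements are still reported, tagged for review.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample policy: an open read grant, a role-scoped grant, a wildcard
// grant "protected" only by an HTTPS condition, and a Deny that also names "*".
const SamplePolicy = `{"Version": "2012-10-17", "Statement": [
 {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
 {"Sid": "AppRole", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"}, "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
 {"Sid": "HttpsOnlyList", "Effect": "Allow", "Principal": {"AWS": ["*"]}, "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket", "Condition": {"Bool": {"aws:SecureTransport": "true"}}},
 {"Sid": "DenyDelete", "Effect": "Deny", "Principal": "*", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::example-bucket/*"}
]}`

// Constructed sample ACL in the shape `aws s3api get-bucket-acl` prints.
const SampleACL = `{"Owner": {"ID": "0123abcd"}, "Grants": [
 {"Grantee": {"Type": "CanonicalUser", "ID": "0123abcd"}, "Permission": "FULL_CONTROL"},
 {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
 {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "READ"}
]}`

// statement keeps Principal and Condition raw: each may be a string, object or list.
type statement struct{ Sid, Effect string; Principal, Condition json.RawMessage }

// isWildcardPrincipal recognises the three spellings of "anyone":
// "*", {"AWS": "*"} and {"AWS": ["*", ...]}.
func isWildcardPrincipal(raw json.RawMessage) bool {
	var s string
	if json.Unmarshal(raw, &s) == nil {
		return s == "*"
	}
	var m map[string]json.RawMessage
	if json.Unmarshal(raw, &m) != nil {
		return false
	}
	if json.Unmarshal(m["AWS"], &s) == nil {
		return s == "*"
	}
	var list []string
	if json.Unmarshal(m["AWS"], &list) == nil {
		for _, p := range list {
			if p == "*" {
				return true
			}
		}
	}
	return false
}

// PublicPolicyStatements returns every Allow statement with a wildcard principal.
// A Condition narrows how, not who, so conditional statements are still reported,
// tagged for review. Statement is assumed to be a list, as the console writes it.
func PublicPolicyStatements(policyJSON []byte) ([]string, error) {
	var p struct{ Statement []statement }
	if err := json.Unmarshal(policyJSON, &p); err != nil {
		return nil, err
	}
	var found []string
	for i, st := range p.Statement {
		if st.Effect != "Allow" || !isWildcardPrincipal(st.Principal) {
			continue
		}
		name := fmt.Sprintf("statement[%d] %s", i, st.Sid)
		if len(st.Condition) > 0 && string(st.Condition) != "null" {
			name += " (conditional)"
		}
		found = append(found, name)
	}
	return found, nil
}

// PublicACLGrants reports grants to the AllUsers and AuthenticatedUsers groups,
// which open the bucket no matter what the policy says.
func PublicACLGrants(aclJSON []byte) ([]string, error) {
	var a struct{ Grants []struct{ Grantee struct{ Type, URI string }; Permission string } }
	if err := json.Unmarshal(aclJSON, &a); err != nil {
		return nil, err
	}
	var found []string
	for _, g := range a.Grants {
		group := g.Grantee.URI[strings.LastIndex(g.Grantee.URI, "/")+1:]
		if g.Grantee.Type == "Group" && (group == "AllUsers" || group == "AuthenticatedUsers") {
			found = append(found, group+":"+g.Permission)
		}
	}
	return found, nil
}

func main() {
	stmts, _ := PublicPolicyStatements([]byte(SamplePolicy))
	grants, _ := PublicACLGrants([]byte(SampleACL))
	fmt.Println("public policy statements:", stmts) // [statement[0] PublicRead statement[2] HttpsOnlyList (conditional)]
	fmt.Println("public ACL grants:", grants)        // [AllUsers:READ AuthenticatedUsers:READ]
}
```

Both layers have to come back empty for the bucket to be private, which is the point of the comment: a clean policy says nothing about the ACL, and vice versa. Run the two functions over the real documents for every bucket in the account, not just the ones you remember creating.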


IAM is also super hard to configure.

I would like to see more sense of responsibility from AWS for these leaks rather than blaming the users.

It’s bad usability.


That's ridiculous. AWS provides infrastructure and tools, it's up to developers and companies to properly deploy them and implement the appropriate security.


Oh please. AWS can get super-complicated but, especially with the latest console updates, you really have to try to make S3 buckets public. There are good reasons for public buckets; I use them. At this point if you're kicking people, it really is on the developer (or the management of their app dev organization) if they make S3 buckets public "accidentally."


AWS has Config rules and Macie to help avoid these kinds of data breaches, so basically the few excuses left for these now literally come down to variations of laziness or lack of willingness to fund usage of these services (which are really cheap compared to the cost of remediating a data breach disclosure to the public).


Class action lawsuit?

How is it okay that this information is even available from Experian in the first place?

I don't think anyone opted in to this. And I don't think there is any obvious way to opt out.

And Experian is not just some data tracking company watching your behavior on a website; they're supposed to be protecting our credit system. Do they obtain some of this information through special privileges because they're a pseudo-official credit score agency? If so, is this grounds for a class action lawsuit?

(As others have argued, this data is legally available through Experian, it just normally isn't free. https://www.experian.com/assets/dataselect/brochures/consume...)


And they even have us all classified into consumer categories (and sub-categories!) with snappy little names: https://www.experian.com/assets/marketing-services/brochures...

"Blue Sky Boomers," "Significant Singles," "Pastoral Pride" (subgroups: "True Grit Americans," "Countrified Pragmatics," "Rural Southern Bliss," "Touch of Tradition").


Apparently I take better care of user information on a hobby project running on localhost that will never see a remote server than these giant companies do with real life data.


The data is just way too spread between too many companies. Someone will screw up somewhen for sure. Not sure how to solve this. Make it illegal to store data and instead only allow access with permission for specific purposes?


Let companies share and do whatever they want but put huge fines on data breaches. Make it a felony to hide, fail to report or otherwise lie about data breaches. Money if you fuck up, prison if you lie about it.

That should align some incentives and get you a good way along. It will incentivise proper security measures, and help quench the thirst for data in the first place.


If no one went to jail for what Wells Fargo did with opening unauthorized accounts I don't have much hope that there will be meaningful fines for data breaches.


A problem in the U.S. with using criminal law to control wealthy corporations is the doctrine of "prosecutorial discretion".


The horse is out of the barn. We need to make the data itself worthless. There's no getting it back.


How would we go about making the data worthless?


As others have said on other comments on this article, everyone has to stop using that data (all of it) for purposes of verifying that you are who you claim to be.

My initial thought was "good luck with that", but maybe, in an ironic sort of way, these breaches are going to force that to happen.

"You say someone opened a credit card in my name, and you want me to pay for what they charged? What data did they use to open the account? Um, yeah, have you heard about the Experian breach? So you know that the entire internet has that data about me? Yeah, good luck collecting, suckers."

If that holds up in court (at not too great expense for the party being sued to pay the debt that isn't theirs), then financial institutions (all of them) are going to learn very quickly not to rely on that information for anything.


If you're a bank, if someone opens an account in my name, it should be your problem, not mine. If you're going to tie something to my identity, you need to require more proof of identity than information that is practically public knowledge (social security numbers, addresses, former addresses, etc.).


>"Yeah, good luck collecting, suckers."

They don't have to collect, they just ruin your credit and make your life difficult. That's what they do now.


You can make it illegal for them to do so; many countries require lenders to ensure that they clear any marks on your credit if the claim is disputed and they can't prove it's you; saying "Bob took money from me and didn't give it back" is clearly libel if they can't prove it's true. You don't even have to go to court for that; you simply dispute it and either it goes away or they charge you with fraud if the prosecutor believes that they have solid evidence that it's really you and you're intentionally scamming them.

There are options that have been tried; they're just difficult for the USA to adopt because of reasons mostly tied to the weirdness of identity and IDs in the USA.


It would be nice if they always had to show a chain of evidence that clearly shows what data they got where with what authorization.


One, rather drastic, approach would be making the data of everybody freely available to everybody, think post-privacy society.

At least that's how I originally imagined this Internet thing to play out as, too bad it took the exact opposite direction.


I like drastic, because what else is going to spur the powers that be to revamp how we approach identification? Something dramatic like this is almost necessary at this point. Equifax was huge and yet what reforms have we seen? Is anything even in the pipeline?


I fear this will take the usual course of action: It's gonna get worse until something really bad and really large scale happens, only then will people realize the need to act, but then it's usually already way too late.


So Equifax?


Did the general public really feel the consequences of that data breach personally yet?

Not to go all Godwin but when the parent mentioned "something really bad and really large scale" my mind immediately went to the holocaust and other genocides. Can you imagine a totalitarian regime having access to this type of tracking data? It's pretty chilling.


Yeah, I'd prefer the data were simply out there; at least average people would know and understand what is known about themselves.


My reading of this is that anyone who "just wants to see the world burn" needs to pay $40k to Experian and then post this data on the web.


I think the data probably comes with a license that you can't redistribute it.


Maybe companies like this just shouldn't be allowed to store data on people anymore. It's becoming clear that none of them know how to keep it from being stolen. I reckon most people don't even know they're affected by this.


I really want to see the information relevant to me, assuming I'm in the leak. Just to see how accurate it is.


Does anyone know what happened to MIT's Enigma project?

This is their white paper: http://web.media.mit.edu/~guyzys/data/ZNP15.pdf



Does it still make sense to shred our personal documents with our names and addresses? Given so many leaks, it may be easier to get our information online than by going through our garbage.


If I don't shred it, I usually dump it into a particular trash can. The bag from that trash can is the one I usually use for cleaning out the cat litter. If someone wants to steal it from my trash can, it may be possible, but they're going to earn it.


How is it that addresses and phone numbers are not considered personal identifying information???

Forgetting for a moment the fact that with even a few data points on someone it is getting easier and easier to cross-reference other data sources and de-anonymize almost anything, addresses and phone numbers are so directly and easily tied to real people that this seems like a massive oversight in current regulations on "personal identifying information".


On a related note, here's an open-source project I created that you can use to check your own S3 buckets: https://github.com/ankane/s3tk


Sigh, Amazon S3 bucket scavenging is today's version of 'war dialing'


I imagine this scenario now in the EU, where the Smart Meter Gateway will enter millions of households, tracking electricity consumption.

Where does this data go? Who will use this information?


Somewhere there is a law enforcement organization that's drooling over the thought of automatically generating a list of suspected grow-ops by cross referencing power usage with marketing demographic information and automatically applying for a search warrant.

They'll probably stop doing it after they kick down the door of a day-care in a rich neighborhood and only find hot glue guns and those beads you fuse with an iron.


That's why savvy grow-ops bypass the meter.


I would not mind regulation requiring that such assemblers purchase insurance which provides payouts to those who are damaged by such leaks.


The headline might as well say "ALL households exposed". The number of households in the US is 126M.


Like a bank with an open safe in front of the bank holding all its customers treasures and files.


If everyone is exposed, no one is.

¯\_(ツ)_/¯


Another day, another leak, another mass shooting. This is starting to be a daily occurrence in the US.


Glad all of this stuff is happening before I move to the U.S.


So what is the right order

LEAK-DISCUSS-FORGET-SUFFER-REPEAT?


> He found the data was sitting in an Amazon Web Services storage "bucket," left open to anyone with an account,

This is hard to believe. S3 bucket names are unique. I can't make a bucket named `bucket`; I'd have to call it `dashkb-bucket` or something (a common convention is to prefix with your company's domain)... anyway...

The point is: for the bucket to be named `bucket` Alteryx must have had one of the very first AWS accounts, and from there isn't it reasonable to assume this bucket has been exposed for many years?


This sentence is not saying that "bucket" is the name of the bucket.

It is saying that the data was in a thing that Amazon Web Services provides, which AWS calls a "bucket".

Most people who are not web developers don’t even know Amazon Web Services is a thing, much less the cute names of any of their services.



