Legislators are proposing fines for businesses for each piece of data compromised in a hack; however, according to Morrison & Foerster partner Nathan D. Taylor in the Law360 article “Equifax Fallout Could Boost Consumers’ Shaky Harm Claims,” that won’t completely solve the overarching issue.
“If companies were told in advance that if they have a breach they would be fined $1,000 per record, I don’t think that would create an incentive that keeps that breach from occurring,” he said. “That type of legislation is more about punishment and appeasing consumers than it is about necessarily improving security.”
On whether Social Security numbers should be replaced as a benchmark for identity verification, Mr. Taylor continued: “While this is a conversation we should absolutely have, the discussion is fundamentally premised on disincentivizing threat actors by impacting their demand, so if you replace the Social Security with XYZ number, what we’ll see is threat actor demand would shift from Socials to XYZ. We don’t have a Social Security number issue, we have a cyber threat and resilience issue, and the biggest challenge of this generation is how do we secure ourselves in this automated and internet-connected world.”
Read the full article.