> It's illegal in the real world, and should be illegal in the digital world
It is illegal in the USA. And is easily an arguable civil case as well. The problem is identifying the perportrator.
Organizations are only way to hold poor actors accountable.
Bad PR and going out of business cause data critical to operations has all been deleted are strong incentives. Unfortunately businesses typically lobby for harsh laws, tyrancial surveillance rather than the expensive and difficult process of improving their operational security.
Bad PR works to an extent, but bad PR can be combatted with good PR, not necessarily with changes. I think an independent regulator would be useful; one that can testify that a company is following best practices for data, etc. Although if the regulators don't have any teeth, or if they don't have a clear benefit for companies to allow a regular, comprehensive, internal audit, it definitely won't gain any adoption.
It is illegal in the USA. And is easily an arguable civil case as well. The problem is identifying the perportrator.
Organizations are only way to hold poor actors accountable. Bad PR and going out of business cause data critical to operations has all been deleted are strong incentives. Unfortunately businesses typically lobby for harsh laws, tyrancial surveillance rather than the expensive and difficult process of improving their operational security.