Data Limitation Laws?

It is usually not a good idea for lawmakers to get involved in cybersecurity beyond a certain point.  The reason for this is that lawmakers do not have an understanding of the technology that they are legislating.

Case in point:  Australia is quickly enacting legislation that will require companies like Apple and Facebook to provide a way for law enforcement to read encrypted data. 

This sounds nice on the surface because law enforcement can go after the bad guys more easily.  But this law will be a boon for hackers because the encryption will be less secure.  There will be a back door or another method available to decrypt the messages and data.  If it is there, hackers will find it… it is just a matter of time.

But this may be a good idea…

There is no reason that businesses should keep certain customer information after a specified duration of time.  But they do.

When data breaches happen, we find out on the news what personal details the hackers got.  Often it includes credit card information, addresses, and even items like passport numbers.

Businesses build up massive databases of this personal information over years and years.  We don’t believe that there is a valid reason for companies to keep expired credit card information for years and years.

Recent news shows that hackers have stolen data that is over five years old.  If there were a limitation that prevented companies from keeping data after a specific duration, then customers would be protected to an extent.

Companies should face fines

It will be easy to determine when companies violate the data limitation law.  When there is a breach, and it is found out that a company kept the data beyond the required time limit, then that company should face additional fines due to the violation.

Audits could also be conducted to make sure that the data is deleted after the time limit is up. 

Is it a good idea?

We believe that companies should self-regulate.  But unless there is a compelling reason, companies will likely not give up their valuable data – even if it is outdated.  Therefore, it is time for the government to act.