Data Limitation Laws?

Legislation to limit the amount of data that can be retained


It is usually not a good idea for lawmakers to get involved in cyber security beyond a certain point.  The reason for this is that lawmakers do not have an understanding of the technology that they are legislating.

Case in point: Australia quickly enacted legislation that will require companies like Apple and Facebook to provide a way for law enforcement to read encrypted data.

This sounds nice on the surface because law enforcement can go after the bad guys more easily.  But this law will be a boon for hackers because the encryption will be less secure.  There will be a back door or another method available to decrypt the messages and data.  If it is there, hackers will find it… it is just a matter of time.

But this may be a good idea…

There is no reason that businesses should keep certain customer information after a specified duration of time.  But they do.

When data breaches happen, we find out on the news which personal details the hackers got.  Often it includes credit card information, addresses, and even items like passport numbers.

Businesses build up massive databases of this personal information over years and years.  We don’t believe that there is a valid reason for companies to keep expired credit card information for years and years.

Recent news shows that data that is over 5 years old has been stolen by hackers.  If there were a limitation that prevented companies from keeping data beyond a specific duration, then customers would be protected to an extent.

Companies should face fines

It will be easy to determine when companies are in violation of the data limitation law.  When there is a breach and it is found out that a company kept the data beyond the required time limit then that company should face additional fines due to the violation.

Audits could also be conducted to make sure that the data is deleted after the time limitation is up. 

Is it a good idea?

We believe that companies should self-regulate.  But unless there is a compelling reason, companies will likely not give up their valuable data – even if it is outdated.  Therefore, it is time for government to act.

