| ▲ | DrewADesign 5 hours ago |
Maybe there should be some kind of annual ISO privacy certification for companies that resell any customer data in any form. Then make data customers (e.g. marketing agencies, major retailers) and data collectors (e.g. those that collect telemetry data from libraries included in their app, auto manufacturers, wireless providers) civilly liable for any privacy violations dealing with uncertified brokers, making sure there’s an uncapped modifier based on the company’s annual revenue. That seems like it puts the bulk of the compliance responsibility on the parties that can do the most wide-scale damage with unethical and dodgy practices, while leaving some out there for others that need incentive to not ignore the rules. Haven’t really thought this through and I’m not a policy wonk… just spitballin’.

| ▲ | dredmorbius 4 hours ago | parent | next [-] |
Bonding and/or insurance. Make this cost and practices will change.
|
| ▲ | JumpCrisscross 4 hours ago | parent | prev [-] |
> Maybe there should be some kind of annual ISO privacy certification for companies that resell any customer data in any form

Why is this better than requiring deletion?

| ▲ | dredmorbius 4 hours ago | parent | next [-] |
For starters, it provides protection and accountability for those who don't have the prior presence of mind to demand deletion. An act which mandated deletion in all cases for data once business needs are addressed (often 30--90 days for much data) might address your question. But the Delete Act isn't that.

| ▲ | JumpCrisscross 4 hours ago | parent [-] |
> it provides protection and accountability for those who don't have the prior presence of mind to demand deletion

Perhaps. I just see another compliance-industrial tax on consumers backed up by a nonsense checklist.

> act which mandated deletion in all cases for data once business needs are addressed (often 30--90 days for much data), might address your question

Or opt out by default. Perhaps California should give counties the power to do that. Then we can watch the experiment for unintended consequences.

| ▲ | DrewADesign 4 hours ago | parent [-] |
I work in a specialty in an industry that requires a fairly stringent annual ISO certification. Even preparing for the audit is a completely worthwhile exercise in seeing things that maybe got swept under the rug or left by the wayside. Customers having clearly defined criteria to prove, in court or even in business negotiations, that our lapse was negligent or in bad faith keeps us from straying too far to begin with. Our having clear criteria to show that we followed industry guidelines shuts down customers trying to accuse us of something in bad faith, or even trying to make a mountain out of a molehill to get leverage in a contract negotiation or something. I’ll bet most of it depends on how good the certification is. My bosses think it’s annoying, and sure, not 100% of the requirements make a difference for us, but most do, and from my vantage point I can see how much of a difference it makes.
|