RE: https://toot.cat/@EveHasWords/116041692410497298
There’s a lot of shit that persists in the west primarily because our governments refuse to hold companies fully liable for their actions. A company with as many serious data breaches as #TMobile has had should be out of business and, in a world where we still have prisons and money, the executives’ money should have been seized and they should be imprisoned.
At least ten people died and many others sickened because of #BoarsHead but, as far as I know, there have only been lawsuits and “oversight.” No charges of murder or negligent homicide.
I doubt we’ll ever know the full scope of #ThreeM’s (3M, hashtags starting with numbers don’t work on Mastodon) environmental crimes. It’s reasonable to assume their evils vastly outweigh my other examples combined.
#Discord should have felt like they were shitting their own shorts when the breach was unveiled. Instead, they’ve been emboldened to take bigger risks with more people’s data.
We can’t boycott our way out of these problems. We can work for a world where the wealthy and powerful either don’t exist or have meaningful consequences for their actions.
Hey #discord. Why the hell would we give you our ID when you've already exposed the ID of the folks who have already given you their ID?
"We're now using a different vendor who haven't yet leaked everyone's IDs and we keep your data for the smallest possible period of time!"
Every organization will have a data breach eventually. The question is when affected users will find out and what data you had in the first place.
The fact that your new vendor has not yet had a known breach doesn't mean that they're safe. It doesn't even mean they haven't had a breach yet! It just means any breaches are, as yet, unknown.
A fundamental principle of PII is that you should not gather data unless you have a sufficient justification for doing so that cannot be handled without having that data.
Your justification is nonexistent for you ever having this information. Therefore ever having it is not justifiable. If our legal systems allowed the full consequences of that inappropriate data collection to fall on your shoulders where it belongs, no insurance company would ever agree to insure you while you are gathering this data. No matter how little a period of time you purport to have it.