Grumble 🇺🇸 🇺🇦
@grumble209@kolektiva.social · activity timestamp 2 months ago

@SecureOwl Personal Identifiable Information (PII) is best thought of as oily rags that companies keep around to squeeze for oil. (hat tip @pluralistic)

So OpenAI and their friends Mixpanel had an in-house fire of oily rags, but luckily, there was no fire damage at OpenAI. Well, then.

Seems to me that any company that keeps PII ought to be required to carry data breach insurance, or at least put sufficient money in escrow to pay customers for damages when the inevitable breach occurs.

Maybe $5/user/calendar quarter, maybe less if the company gets an annual audit that shows compliance with data privacy standards.

Federation Bot
@Federation_Bot replied · activity timestamp 2 months ago

@grumble209 @SecureOwl @pluralistic

Companies need to stop treating personal information as a private asset and start treating it as a public liability.

David Chisnall (*Now with 50% more sarcasm!*)
@david_chisnall@infosec.exchange replied · activity timestamp 2 months ago

@grumble209 @SecureOwl @pluralistic

Requiring insurance is interesting because insurers will care about the risk of a payout. If you have a breach, the costs will go up. If you can't show that you're following best practices, the cost will go up.

Make it $100/user and insurers will charge a reasonable amount if they estimate your chance of a breach is <1%, but if they think it's 50% then they won't charge less than the money you make per user.
