Storing customer data is a huge liability. I’m actually surprised that most companies seem to enjoy storing ex-customer’s data. If you have 10 years of history, 10,000 current customers, 30,000 deleted accounts, if you get breached you risk a much larger lawsuit and damage to your name, if you can say, “Only 10,000 credit card numbers were leaked” that looks much better than 40,000 surely? There are also less people you have to email with “Hi, you may have forgotten about you, but oops we didn’t forget about you, we stuffed up and now because we didn’t actually delete your account you may need to cancel your credit card, or your family may find out you are a cheater, or your government now knows you are gay/Christian/Muslim/a human rights protester”. I guess the problem is that customers and regulating bodies don’t care enough. It will probably take many large Ashley Madison style lawsuits with big damages to see any change?
The Ashley Madison case was interesting legally because users could legally claim they’d been harmed. That isn’t the case with most breaches of financial data; until somebody’s bank account is actually drained, and they can prove it was that particular breach…
It is possible that the law in this area will improve, or that a regulatory body will take an interest in it. One can hope.
Storing customer data is a huge liability. I’m actually surprised that most companies seem to enjoy storing ex-customer’s data. If you have 10 years of history, 10,000 current customers, 30,000 deleted accounts, if you get breached you risk a much larger lawsuit and damage to your name, if you can say, “Only 10,000 credit card numbers were leaked” that looks much better than 40,000 surely? There are also less people you have to email with “Hi, you may have forgotten about you, but oops we didn’t forget about you, we stuffed up and now because we didn’t actually delete your account you may need to cancel your credit card, or your family may find out you are a cheater, or your government now knows you are gay/Christian/Muslim/a human rights protester”. I guess the problem is that customers and regulating bodies don’t care enough. It will probably take many large Ashley Madison style lawsuits with big damages to see any change?
The Ashley Madison case was interesting legally because users could legally claim they’d been harmed. That isn’t the case with most breaches of financial data; until somebody’s bank account is actually drained, and they can prove it was that particular breach…
It is possible that the law in this area will improve, or that a regulatory body will take an interest in it. One can hope.