SecurityFocus examined a court’s reaction to one of the laptop-with-personal-data losses and suggested we should have strict liability for data breaches. My question is: why don’t we already? The court’s argument that no one protects data, so no one has to, is silly in my mind. An average “reasonable man” may not encrypt data, but you don’t hire them – or shouldn’t – to run data security. You hire experts. Every expert I have talked to (admittedly a small sample of only dozens) says: “Encrypt.”

So let’s use a “reasonable expert” standard instead.  Any lawmakers feel game to write that one up?