Managers at businesses and organizations all over the United States collect and store information. It can be with tangible documents via filing cabinets, or digitally via networked servers. They may even rent "cloud" space to safeguard and keep vast volumes of personal information. Despite the growing occurrence of data breaches affecting private, public, and nonprofit organizations, the majority of organizations and businesses admit knowing too little concerning the consequences and risks of failing to sufficiently safeguard personal information collected from volunteers, employees, donors, and clients. The news has shown companies like Sony, Kmart, and Dairy Queen that have let leak sensitive information like credit card numbers and home addresses (MONEY.com, 2014). The question is should organizations and businesses like these be held liable for damages from the compromise of leaked sensitive data? The answer is yes.
People are convinced by businesses and organizations to hand over sensitive information. They put their trust in these companies and nonprofits with information that, if in the wrong hands could wreak havoc in their lives from identity fraud to credit score damage. It truly shows how much people believe in the organization to let go of such potentially damaging information. Therefore, when a company/organization has a hacking incident or accidentally leaks the private information, they should pay the consequences.
People often cite hackers as the culprits for leaked information. However, sometimes-private information can be leaked from inside sources. In a 2015 article, council workers and social workers have been found to leak sensitive information or reveal private information and evade punishment. Some examples of leaked personal information go as far as revealing personal information of children. "In one instance, a social worker left papers containing confidential records about children and information linked to sex offenders on a train, and in another, an unencrypted laptop containing the details of 200 schoolchildren was stolen" (Ward, 2015). Because few of them faced any real consequences for their actions and the act itself was not frowned upon, the instances of leaked personal information grew.
People must be held responsible for their actions. If they are not, it could prove disastrous to many people's lives. The...
There are many more examples in private sector organizations. If the consequences for these actions continue to be lax, then people within these organizations will never learn to spot suspicious activity like card reader placements or implement standards that reduce exposure of sensitive data. Going back to the example of the sensitive documents left in the train, if standard protocol involved never leaving the office with physical copies of people's personal information that accident would have never happened.
Improving oversight must take priority. This is especially true as newer technology takes personal information off tangible documents and onto apps. "Yet few studies have evaluated the legal implications of the expansion of mHealth applications, or "apps." Such apps are affected by a patchwork of policies related to medical licensure, privacy and security protection, and malpractice liability" (Yang & Silverman, 2014, p. 222). Apps can be used with mobile phones and viewed from anywhere there is a mobile connection. It can also be easily accessed by hackers as mobile phones have become notoriously easy targets to hack into. Therefore, it becomes an issue of whether or not people are able to handle the influx of potential threats and/or care to handle them. If consequences are not met for those who break confidentiality, what will motivate them to improve? To safeguard the private data?
Google Inc. has made searching the internet easy and quick. However, it has also exposed people to those that wish to find them and gain their personal information. "In May 2014 the Court of Justice of the European Union delivered a landmark ruling in Google Spain SL, Google Inc. v Agencia Espanola de Proteccion de Datos Mario Costeja Gonzalez" (Lindsay, 2014, p. 159). The ruling helped to establish a "right to be forgotten" understanding that existed and continues to exist under the existing European data privacy law and the 1995 Data Protection Directive. People have under this law, the right to ask Google to remove certain material from their search results. Although Google Inc. has receive well over 170,000 requests by the middle of November 2014, they have refused to cooperate as quickly as expected.
Although companies like Google and…
