A night of drinking ended with worse consequences than a hangover. I’m Amy E. Feldman.
After a night of drinking, an IT worker in Osaka, Japan fell asleep on the street and when he woke up, the bag he’d been carrying had been stolen. Inside that bag was a flash drive with the personal data of all of the city’s half million residents. Residents are up in arms—as is anyone whose data has ever been compromised, who want to know: what legal penalties can someone who didn’t hack the information but was responsible for a data breach face?
In the US, probably not as much as you’d hope. Companies who don’t take adequate security measures can face actions by the SEC, FTC, and state Attorneys General both for the breach and if they try to cover it up. In addition, the company and its directors can face monetary penalties. But while people have been fired, so far, absent evidence somebody stole the data or personally benefited, criminal charges haven’t been brought. It’s a good reminder though: do not drink and carelessly carry data.