Firstly, answer to yourself is it practically possible to store and use vast amounts of data safely, without risk of being compromised?
If you say no, then we shouldn’t be doing this. If you said yes:
Since you think it is practically possible to do safely, the penalty for any company who fails to do this should be instant corporate death. Automatic nationalization and liquidation to compensate the victims. People who are found in court to be responsible should face severe consequences. Criminal negligence, multiple counts.
That’s the only way I see to get all of these data hoarding fucks to take it seriously.
Or we could collectivize, organize, arm ourselves, seize control of the means of production, and put leaders, politicians, billionaires and corporate executives on trial for their crimes to determine between re-education or execution.
The penalty should be equivalent to the amount of people affected. At least $1000 per person fine is bare minimum. So, that’s a fine of 1 trillion payable by the shareholders.
If I order online, my data only needs to be retained until I get my item. A electronic receipt can be sent via email.
Social networks should have human moderation, and not insist on retaining real-world data about users.
These things could be accomplished through regulation, and if enough countries (or US states) put those regulations in place it will eventually be more cost-effective for companies to implement the changes globally.
Tax records are required to be kept for 7 years in North America (generally, as far as I know - def in Canada). So you order something online from a business, they have a business need to keep your data on hand for 7 years in case an auditor / tax person comes asking about it. Be that someone auditing the business, or someone auditing a customer. That’s a requirement from the government.
I’ve seen customers ask for tax stuff going back up to 20 years from a business. In those cases, if there’s demand for data going back that far for whatever reason, the business can internally say “We have a business reason to retain data longer” because people ask for it – there’s demand. So they can justify to auditors/legal sorts retaining that information indefinitely, based on user demands/requests.
In some cases when I’ve seen those ancient requests, it’s also tied to legal disputes from customers – eg. Trying to prove in a divorce that such and such was bought by party A in 2005 for X amount. In some cases, there’re class actions that go outside the 7 year window, and require data from further back to sort out – for example there’s a case in Canada currently where a financial lender is paying back ~$2000 per person that took a loan from them from 2016-2021 (so ~10 years of personal data needs to’ve been kept, to verify early claimants). Part of needing to keep data so long, is that the court cases are often so drawn out that the 7 year window would make some crime/wrong-doing much more difficult to prosecute due to a lack of evidence. I know of one class action lawsuit in the Financial Industry that’s been ongoing since the 90s, and still isn’t fully resolved – most of the potential class action recipients are deceased at this point, and the only people profiting are lawyers, but still. Lawyers are a part of the problem, and a reason why data is often being held longer and longer. Honestly, Lawyers are also terrible at securing their data --they tend to rely on paper-controls to prevent their unsecured data from getting used, rather than actual hardening. Like there was a guy who spent a few years in Colombia or something, his personal laptop being used for all sorts of nefarious stuff, and when he came back to Canada and the border people took his laptop, it was totally unencrypted/unsecured. They guy just argued it was his “legal work” laptop and everything on it is confidential and can’t be used in court.
Idk. I think your approach is overly simplistic for the issue. There’s a lot of “stuff” related to corporate data retention policies and methods, and I don’t really see much nuance in what you’re proposing. Hell, if they only kept your data till you got your item, youd NEVER be allowed to get a refund, cause they’d have no record of you purchasing the item.
I think about this kind of simplistically.
Firstly, answer to yourself is it practically possible to store and use vast amounts of data safely, without risk of being compromised?
If you say no, then we shouldn’t be doing this. If you said yes:
Since you think it is practically possible to do safely, the penalty for any company who fails to do this should be instant corporate death. Automatic nationalization and liquidation to compensate the victims. People who are found in court to be responsible should face severe consequences. Criminal negligence, multiple counts.
That’s the only way I see to get all of these data hoarding fucks to take it seriously.
/end pipe dream
Something something not their fault, suffering from lead deficiency.
Or we could collectivize, organize, arm ourselves, seize control of the means of production, and put leaders, politicians, billionaires and corporate executives on trial for their crimes to determine between re-education or execution.
If we’re going to dream.
The penalty should be equivalent to the amount of people affected. At least $1000 per person fine is bare minimum. So, that’s a fine of 1 trillion payable by the shareholders.
The EU GDPR doesn’t go nearly far enough.
If I order online, my data only needs to be retained until I get my item. A electronic receipt can be sent via email.
Social networks should have human moderation, and not insist on retaining real-world data about users.
These things could be accomplished through regulation, and if enough countries (or US states) put those regulations in place it will eventually be more cost-effective for companies to implement the changes globally.
Tax records are required to be kept for 7 years in North America (generally, as far as I know - def in Canada). So you order something online from a business, they have a business need to keep your data on hand for 7 years in case an auditor / tax person comes asking about it. Be that someone auditing the business, or someone auditing a customer. That’s a requirement from the government.
I’ve seen customers ask for tax stuff going back up to 20 years from a business. In those cases, if there’s demand for data going back that far for whatever reason, the business can internally say “We have a business reason to retain data longer” because people ask for it – there’s demand. So they can justify to auditors/legal sorts retaining that information indefinitely, based on user demands/requests.
In some cases when I’ve seen those ancient requests, it’s also tied to legal disputes from customers – eg. Trying to prove in a divorce that such and such was bought by party A in 2005 for X amount. In some cases, there’re class actions that go outside the 7 year window, and require data from further back to sort out – for example there’s a case in Canada currently where a financial lender is paying back ~$2000 per person that took a loan from them from 2016-2021 (so ~10 years of personal data needs to’ve been kept, to verify early claimants). Part of needing to keep data so long, is that the court cases are often so drawn out that the 7 year window would make some crime/wrong-doing much more difficult to prosecute due to a lack of evidence. I know of one class action lawsuit in the Financial Industry that’s been ongoing since the 90s, and still isn’t fully resolved – most of the potential class action recipients are deceased at this point, and the only people profiting are lawyers, but still. Lawyers are a part of the problem, and a reason why data is often being held longer and longer. Honestly, Lawyers are also terrible at securing their data --they tend to rely on paper-controls to prevent their unsecured data from getting used, rather than actual hardening. Like there was a guy who spent a few years in Colombia or something, his personal laptop being used for all sorts of nefarious stuff, and when he came back to Canada and the border people took his laptop, it was totally unencrypted/unsecured. They guy just argued it was his “legal work” laptop and everything on it is confidential and can’t be used in court.
Idk. I think your approach is overly simplistic for the issue. There’s a lot of “stuff” related to corporate data retention policies and methods, and I don’t really see much nuance in what you’re proposing. Hell, if they only kept your data till you got your item, youd NEVER be allowed to get a refund, cause they’d have no record of you purchasing the item.