Clear regulations with legal penalties and regular audits for companies that hold information like SSNs.
Maybe this would lead to a rise in secure storage firms that actually do their job with this so small outfits like employers could continue to identify employees without having to actually have a SSN in the database.
is the government going to do those? it doesn't seem to be able to do that sort of thing now. how will the government gain the resources, the capability?
The government inspects buildings, food, a number of things. Somewhat capably. For the record I'm not a big proponents of more government. But something needs to be done about companies irresponsibly holding personal information at this level.
i'm not against government regulations or government inspections, but it seems to me the government is mainly good at passing laws and regulations it cannot or will not enforce.
i don't see the government doing a good job of regulation enforcement.
sometimes it's corrupt (e.g. building inspection approvals in Los Angeles, where I live, have sometimes required side payments to the inspectors).
wouldn't disclosure of hacks (by Equifax) be strongly disincentivized with this scheme?
wouldn't Equifax just lie to the public if they discovered a hack so that their insurance premiums stayed low?
worse yet, would Equifax just eliminate security audits and stop looking for hacks altogether so they could plausibly claim their data was secure?