Volkswagen has inadvertently exposed the personal information of 800,000 electric vehicle owners, including their location data and contact details. The breach, which occurred due to a misconfiguration in the systems of Cariad, VW’s software subsidiary, left sensitive data stored on Amazon Cloud publicly accessible for months. The exposed information included precise GPS data, which allowed […] The post Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked appeared first on Cyber Security News.
It needs to be illegal to collect that data in the first place. Without a law that affects all manufacturers, the ones that don’t do it will be at a disadvantage. The free market can’t fix this because it is a variation of the tragedy of the commons.
I would prefer there to be a law that severely punishes any company that has a data breach. Back in the early 2000s when the RIAA started suing people for sharing music online the courts in one case finally landed on a value of $9,250 per song shared as a reasonable fine. I think that might be a good number to start with when a company shares (purposefully or not) someone’s data without that person’s permission.
That would put Volkswagen’s fine at $7.4 Billion, which I think should help convince companies that they should really only collect and store data that they absolutely need… and to make securing that data a top priority.
Take it one step further though. The fine shouldn’t be calculated per customer, but per piece of data. So name, phone number, and address would be 3 pieces, and every GPS data point is another piece.