Photos of travellers who entered and exited the U.S. were stolen in a data breach - If it were a private company who'd be held liable?

Photos of travelers collected by U.S. Customs and Border Protection (CBP) have been compromised in a data breach, the agency revealed on Monday. "The subcontractor’s network was subsequently compromised by a malicious cyber-attack. No CBP systems were compromised."

Irrespective of who was finally at fault, citizens trust an agency (or do not trust, but are forced to trust) to collect private data and they expect that agency to take all measures to safeguard it. Here in South Africa, we have the POPI Act which can hold CEO's of companies privately liable and could result in jail terms. All these laws though are not worth the paper they are written on until someone really does go to jail. So what happens with government agencies? Does someone really get ultimately held liable and get sent to jail? If so, we can expect serious changes to the protection of data with "trust no-one" policies in place.

It's also yet another wakeup call why backdoors cannot be trusted. They always get found out and the humans in the chain are the weak links - then all your backdoors are out there and exposed...

You either have security or you don't have security.... there is no half security.

See #^https://mashable.com/article/cbp-photos-data-breach/?utm_source=feedly&utm_medium=webfeeds

#security #privacy #POPI
#^Photos of travelers who entered and exited the U.S. were stolen in a data breach