Companies and employers can gather what ever information about us that they wish, but they aren’t compelled to keep that info secure. They are certainly not held accountable when it gets stolen.
Institutions, companies and government agencies often devote more resources to collecting information about employees and consumers than to protecting it, security specialists say.
negligence by employees and contractors has been a more common cause of corporate data breaches in the United States than malicious attacks, according to a study of 2011 done by the Ponemon Institute, a research center on data security, and financed by Symantec, a data security company.
Susan Landau, a Guggenheim fellow in cyber security, privacy and public policy, says companies and agencies are unlikely to improve data security without the threat of penalty.
“What are the personal consequences for employees who allow data breaches to happen?” Ms. Landau asks. “Until people lose their jobs, nothing is going to change.”