Giving corporations a free pass for not protecting your data

The House of Representatives recently considered the “Protecting Cyber Networks Act” and the “National Cybersecurity Protection Advancement Act of 2015.” While their main purpose is to prevent cybersecurity crime, they expose everyday people to identity theft because of companies that don’t practice safe cybersecurity.

Cybersecurity is the practice of protecting a Web site, database, or machine connected with the internet from people attempting to hack into the location and retrieve information. Hackers can have a variety of goals, such as destroying a database with important information, forcing a machine connected to the Internet to do something the owner doesn’t want it to do, or simply wanting to take private information about consumers, either to use themselves or to sell to another bad actor. Many companies have created software to protect against these hackers, others have personnel whose sole job is to protect the company. No matter the form of their cybersecurity, all companies that take information from consumers should be as careful with that information as the consumers themselves are.

Americans rely on companies to exercise cautious, safe cybersecurity practices, because we share our personal information so frequently. A quick purchase online gives a company access to your credit number. A stop by the ATM, your pin number. Manage your healthcare account online, and the health insurance company has your social security number in their computer database. We trust companies with our information in this way because it is the way we do business in today’s society. It would be difficult to make purchases, access cash, or manage accounts otherwise, as the world is now built to be technology-based.

But what if a company doesn’t protect your credit card the way you protect your credit card? You stop by the ATM and cover the pin pad while you type in your code, number by number, but once the information is out of your control, does the bank do its part? Securing a database is not a standardized procedure—there are companies that do a good job, and companies that do a bad job. Companies that don’t take the precautions necessary to protect your information should not be allowed to walk away freely, while you’re left picking up the pieces of your identity after a cyberattack.

That is what these bills would do. Companies that participate in data sharing under these bills cannot be held “liable” for their negligent cybersecurity. This means that you can’t take them to court to hold them accountable, even if there’s clear evidence they didn’t protect your data. If your information is stolen by hackers, the attackers could do anything from taking out loans in your name to sending you extortion letters. And the company that didn’t provide reasonable precautions in protecting their database could not be held accountable for their negligence. It doesn’t matter how careful you were and how not-careful the company was, you are the only one who has to deal with the negative effects of their bad cybersecurity.

Data sharing would open up the possibility for companies to share information about attempts to hack their databases with the government, and the government could share information about hackers in return. While a laudable goal, many are concerned that personal information, from your banking habits to your family life could be shared with the government without fear of recourse. However, by sharing this information, it would be easier to figure out who hackers are, and when they’re attempting to break into a database. These bills are attempting to walk a fine line between oversharing with the government and protecting our cyber safety, but to achieve this balance, companies must not be permitted to behave recklessly with your information with impunity. There is no part of data-sharing, whether it’s protecting your information from the government or protecting your company from hackers, that mandates a “free pass” for bad cyber behavior, while everyday consumers are left with the bill.