Today was the 2nd Annual Privacy & Cybersecurity Law Institute CLE at the NY City Bar. Though it was mostly about privacy breaches in big companies with big data and how to data mine without being creepy (?), it provided some useful tidbits that can be scaled down to businesses, such as small law firms, that consolidate the titles of Chief Risk Officer, Chief Information Security Officer, and breach committee, into a single person. Not only did I learn that “data is the new bacon,” but also that breach contracts with prospective vendors is the “new pre-nup” and that there exists “It’s All About the Risk” infosec tshirts.
I won’t go into the substance of the nine hour event here. Just a quick muse on something said by Evan Norris, Esq., Chief of the National Security and Cybercrime Section of the US Attorney’s Office Eastern District. His panel was called “Risks & Rewards of Big Data — Surveillance, Corporate Monitoring & More.” Earlier in the day a different panelist had said that many companies learn of their data breach not from internal monitoring, but from an FBI agent showing up and dropping off a card with a couple IP addresses. Many companies are shy to report data breaches at early stages because of the obvious reputational, legal, and fiscal consequences. Plus there’s enough interpretive room in the regulatory scheme to do some in-housekeeping before triggering the obligation to report. Norris, though, encouraged businesses to report breaches asap, claiming that doing so allows businesses to get “out in front” of the problem and fosters a positive and collaborative relationship with law enforcement who aren’t interested, he said, in criminal wrongdoing by the company for possibly negligent cyber-security standards, but just want to stop the bleed, and identify and punish the wrongdoers. At one point, Norris said, “If you’re a business, it’s good to be a victim.” He repeated this a few times as though surprised by the words, himself. He went on to list several benefits including financial compensation for victim-corps. People nodded. Strange to me was how acceptable victimhood was in this context. And apparently, rewarded with money.
In an earlier blog post about victimhood I marveled at the bravery of victims of sex crimes who’d gone on to become advocates. The post came under fire by a couple people elsewhere online. In their warped view, honoring victims somehow celebrates false accusers. They claim we live in a victimocracy. They think that treating victims honorably will breed faux victims who’ll falsely accuse just for the attention. Basically, they think that being a victim should remain as shameful and shamed as it always has been and that society as a whole will suffer if they describe their story.
It’s no surprise that with a Supreme Court that says corporations are people and a society so financially and politically favorable to corporations, that even victimhood has its privileges and empowerment . . . if you’re a corporation. I wonder if anybody ever asked Target what it was wearing when its data was breached.