> Also, as other commenters have pointed out, we don't want to discourage good people from running credit bureaus out of fear that innocent mistakes may get them hung.
I couldn't agree more with the rest of your comment, but I draw an almost opposite conclusion.
We should discourage people, good and otherwise, from running credit bureaus. Collecting and holding sensitive personal data on millions of people is inherently a mistake, and after the last few years of data breaches it's getting hard to argue that it's an innocent one.
Companies have proved time and again that they can't be trusted with huge datasets on the general public. They don't have much incentive to apply the level of paranoia necessary to actually protect data that valuable, and even when they do they rarely have the level of InfoSec skills and, more importantly, culture to actually pull it off. In practice we see 2 or 3 nines of reliability when we actually need about 5 nines.
We should stop waiting until leaks happen. Holding sensitive personal data on hundreds of millions of people ought to be congressional hearing level scandalous whether that data has leaked yet or not.
I couldn't agree more with the rest of your comment, but I draw an almost opposite conclusion.
We should discourage people, good and otherwise, from running credit bureaus. Collecting and holding sensitive personal data on millions of people is inherently a mistake, and after the last few years of data breaches it's getting hard to argue that it's an innocent one.
Companies have proved time and again that they can't be trusted with huge datasets on the general public. They don't have much incentive to apply the level of paranoia necessary to actually protect data that valuable, and even when they do they rarely have the level of InfoSec skills and, more importantly, culture to actually pull it off. In practice we see 2 or 3 nines of reliability when we actually need about 5 nines.
We should stop waiting until leaks happen. Holding sensitive personal data on hundreds of millions of people ought to be congressional hearing level scandalous whether that data has leaked yet or not.