The story of big companies admitting that their lax cybersecurity led to the theft of sensitive consumer data is a sadly familiar tale. Think of Yahoo, Target, Equifax. But what if, instead of fearing lawsuits and congressional hearings after a breach, companies had a better incentive to take stronger security measures?
Ohio Attorney General and gubernatorial candidate Mike DeWine has sued companies such as Target for data breaches that hurt consumers. In Target’s case, Ohio got a settlement of less than $500,000 from the company in restitution for a 2013 data breach. Ohio used the money on consumer-protection initiatives.
But that did not stop the data breaches. Such lawsuits seem to do little to motivate companies to be more vigilant with the personal data they collect from citizens.
In the case of the Equifax data breach this year, the company had been warned months earlier about a vulnerability in its system but did nothing.
Now Mr. DeWine’s cybersecurity task force has crafted a measure aimed at giving companies a better reason to care. The Data Protection Act, which has been introduced in the state Senate, would shield companies from lawsuits over data breaches if they take certain steps to secure their customers’ sensitive information.
The stick of lawsuits and settlements — even of being hauled before Congress for a grilling — does not seem to motivate big companies to take cybersecurity seriously. Maybe the possibility of avoiding any litigation — a carrot — will work better.
Companies with troves of personal information from consumers should care more about protecting that data without sticks or carrots. And the penalties for companies that expose that data through lax security or negligence should be more severe at both the state and federal levels.
But if the prospect of insulating a company from consumer lawsuits motivates at least a few companies to begin taking cybersecurity more seriously, lawmakers should dangle that carrot for them.
First Published December 4, 2017, 5:00 a.m.