Announcement

Collapse
No announcement yet.

Query re: duty of care to protect information

Collapse
This topic is closed.
X
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Query re: duty of care to protect information

    Just the facts first:

    1. User receives spam for mortgage broker in the USA.

    2. User quickly & easily tracks down ISP of spammer for purpose of
    reporting abuse, which involves simply using a widely-used local
    filter that logs HTTP transactions to identify the target of the java
    on the front page, which is hosted in China to avoid US laws and
    policies regarding spam.

    3. During this process, user finds that spammer is harvesting personal
    data
    of a large group of people who responded to the spam and posting it
    on
    a page that is easily accessible without having to crack passwords
    or
    anything.

    4. User notifies parties whose data were posted insecurely and is
    asked about a class-action suit against the spammer. User is also
    advised that one victim has been harassed via email and the telephone
    to the point where it might be deemed stalking. Probably others have
    been as well.

    5. Contact details of spammer are readily subpoenable from a major US
    hosting company.

    IANAL, but it seems to me that:

    a. if the spammer is actually a financial consultant in the US who can
    broker mortgages with allied companies, at LEAST the spammer is liable
    for breaching duty of care to clients by making personal data easily
    available on the web.

    b. if the financial companies flogging mortgages are knowingly hiring
    a spammer to generate business for them, they may be liable for the
    actions of their agent.

    c. victims who have been harassed may be eligible for additional
    damages due to upset caused by such tactics, especially if they reside
    in WA or CA.

    Therefore, even though IANAL, as an 'abuse consultant' with many years
    experience as basically a volunteer spamfighter, I could provide a
    statutory declaration about the ease with which such information was
    recovered by someone with no technical degree in computing to support
    complaints by the list of complainants in a class-action suit if such
    a suit were deemed viable by you legal professionals out there...
    Thoughts?

Working...
X