

I've discovered a data breach, what should I do? - bermudatriangle

I've just discovered a data breach - 80,000+ names, emails, addresses and birthdates all publicly available on Google. This is personally identifiable information.<p>The data owner is not responding. What should I do?
======
jnorthrop
Send them a list of data breach notification laws by state:
[http://www.csoonline.com/article/439940/state-breach-
disclos...](http://www.csoonline.com/article/439940/state-breach-disclosure-
laws-update)

That might scare them into action. They have very real legal obligations and
if they are in Europe the laws are even more strict.

Edit: A more complete list:
[http://www.ncsl.org/IssuesResearch/TelecommunicationsInforma...](http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/SecurityBreachNotificationLaws/tabid/13489/Default.aspx)

~~~
bermudatriangle
Well, I'll leave it a few more days to give them a 'reasonable' period to sort
it out, then put in a complaint to the UK's ICO office:
<http://www.ico.gov.uk/complaints/data_protection.aspx>

Although I'm pissed they neither responded to my complaint nor bothered to
remove the spreadsheet. Makes me wonder how ignorant some of these
corporations really are...

------
Khao
Trying to contact Google could be a good thing. They would probably remove it
from their system so at least it's not searchable from Google and make it
harder to find.

~~~
bermudatriangle
Thanks for the idea but this falls outside Google's criteria for reporting
personal info in search results:
[http://www.google.com/support/webmasters/bin/answer.py?answe...](http://www.google.com/support/webmasters/bin/answer.py?answer=164133)

Basically they say 'tell the site owner to remove it...'

