
Self Regulation of Data and Privacy Isn't Working - beater1989
http://www.righttobeforgotten.org.au/
======
Bucephalus355
I work for a major auditing firm. The customers we audit the majority of have
quite good security. When we start to ask about the subcontractors, things get
bad quickly.

Many companies protect the easy stuff, and then outsource a lot of the work to
subcontractors. They then send them a self-assessment survey about their
“security”. It’s all bullshit.

Case in point, we actually drove out to one of these subcontractors for a
major data center provider. We got stuck in traffic, but figured what the hell
and still pushed on, arriving at 6:00 pm. We walked in...literally. They had
left for the night and forgotten to lock the door, computers, servers, drives,
routers you name it everywhere. Their 3-year contract was voided later that
evening.

