This line of thinking doesn't work. I want to agree with you, but I can't. An executive could do all the right things by promoting and pushing for security in their organisation and still be hacked. Should he/she face jail now?

The OP called out "negligence," which would leave some wiggle room for the executive in your scenario. Promoting and spending directly on security would be proof that you're at least making a conscientious effort.

Problem is, executives don't understand those things. Of course it's very simple to point a finger at them, but they rarely are tech savvy, and they are there to run the company, not micromanage every decision every department makes.

Hiring people that don't know what they're doing isn't a reasonable excuse, such as Susan Mauldin, the ex-CSO of Equifax with a bachelor's in music and no technical or security-related education/training.

Then they had better start hiring replacements soon.

I'm fine for a judge and jury to decide what is and isn't actually criminal conduct and whether the EO was negligent in protecting customer data. It needs to be explicitly illegal first, though.

