
Yes, of course GDPR is not a law about plain text passwords, but (as the sibling comment points out) pretty much everybody considers the use of appropriate hashing as a requirement to ensure a level of security appropriate to the risk.

https://www.gamingtechlaw.com/2019/04/first-gdpr-fine-italy.... this fine specifically mentions password storage (among many other things)

Also see previous thread on HN: https://news.ycombinator.com/item?id=18531588




On top of that GDPR requires companies to notify customers of data breaches, which risks reputation damage. Another liability of shoddy security.



