>I work remotely, meaning face-to-face conversations are out of the question.
Zoom? Phone calls? You choose to use a recorded form of communication, but there are options. That said, if your goal is to intentionally hide information from use in a future lawsuit, there are easier ways to decrease your business's liability that don't run the same risks.
> If I point it out, the business schedules it to be handled in a quarter or two, and they get hacked in the meantime then my chat message is on the record as evidence that the business was aware of the problem and "did nothing".
You example about nobody wanting you to point this out because that creates liability is an error. The liability arguably already exists because the business should have known of the issue and did not. A policy of not reporting security issues because they fear lawsuits makes things much worse, making it potentially rise to recklessness. So you not telling the company about it on purpose, if that's a part of the culture of the company, is likely worse than you telling the company and having them make a reasonable assessment of risk and resource allocation. That's not "doing nothing" from a legal standpoint. Whether their decision was reasonable under the circumstances is one thing but it's usually not random people on the street evaluating this.
By the way, this has nothing to do with chat. Why do you think many companies routinely do security evaluations? It's not because consumers care. If your example is true companies would do better to not have security at all.
Finally with this, even if it were better for the company not to report it would be worse for you not to report.
>Requiring recording of all communications just encourages the business to not communicate internally, leading to the exact same problems recording was supposed to prevent.
Courts don't do that, though. Businesses decide to use recorded communication, much the same way they did when the law was created and distance was an issue.
> It would be legally preferable to ship a product full of issues the business is unaware of than to ship a product with a single issue that the business is on record knowing about
That's not necessarily true, but even if it is it wouldn't be preferable from a commerce standpoint. This isn't business in a legal vacuum.
Zoom? Phone calls? You choose to use a recorded form of communication, but there are options. That said, if your goal is to intentionally hide information from use in a future lawsuit, there are easier ways to decrease your business's liability that don't run the same risks.
> If I point it out, the business schedules it to be handled in a quarter or two, and they get hacked in the meantime then my chat message is on the record as evidence that the business was aware of the problem and "did nothing".
You example about nobody wanting you to point this out because that creates liability is an error. The liability arguably already exists because the business should have known of the issue and did not. A policy of not reporting security issues because they fear lawsuits makes things much worse, making it potentially rise to recklessness. So you not telling the company about it on purpose, if that's a part of the culture of the company, is likely worse than you telling the company and having them make a reasonable assessment of risk and resource allocation. That's not "doing nothing" from a legal standpoint. Whether their decision was reasonable under the circumstances is one thing but it's usually not random people on the street evaluating this.
By the way, this has nothing to do with chat. Why do you think many companies routinely do security evaluations? It's not because consumers care. If your example is true companies would do better to not have security at all.
Finally with this, even if it were better for the company not to report it would be worse for you not to report.
>Requiring recording of all communications just encourages the business to not communicate internally, leading to the exact same problems recording was supposed to prevent.
Courts don't do that, though. Businesses decide to use recorded communication, much the same way they did when the law was created and distance was an issue.
> It would be legally preferable to ship a product full of issues the business is unaware of than to ship a product with a single issue that the business is on record knowing about
That's not necessarily true, but even if it is it wouldn't be preferable from a commerce standpoint. This isn't business in a legal vacuum.