I genuinely think it should be a legal liability to make a claim such as "we have strict security measures on the platform to ensure that your personal information and your safety are secured."
First, because they're probably just outright lying to imply they're taking security as a paramount priority. They're likely following minimal guidelines to cover their own asses legally.
Second, because it's physically impossible for them to guarantee data security. It's like making a promise to a child that they're never going to die. A security breach is a matter of probability, not a door you can close and forget about. A society that allows companies to make absolute assurances about security at all is endangering itself. But it also means that levels of security and due diligence are difficult to quantify because we don't even conceive of it as a probabilistic issue.
(I also just watched the new Ashley Madison doc and it's really sticking with me that they made up fake certificates of security while putting virtually no effort into the real thing, and actively chose to play chicken with their users' data when they had the option of closing up shop - an extraordinarily clear case of being blinded by greed, especially as the payout was obviously forfeit if the hackers followed through. Both of these choices should have legally put much of the blame for the fallout and suicides on the CEO.)
First, because they're probably just outright lying to imply they're taking security as a paramount priority. They're likely following minimal guidelines to cover their own asses legally.
Second, because it's physically impossible for them to guarantee data security. It's like making a promise to a child that they're never going to die. A security breach is a matter of probability, not a door you can close and forget about. A society that allows companies to make absolute assurances about security at all is endangering itself. But it also means that levels of security and due diligence are difficult to quantify because we don't even conceive of it as a probabilistic issue.
(I also just watched the new Ashley Madison doc and it's really sticking with me that they made up fake certificates of security while putting virtually no effort into the real thing, and actively chose to play chicken with their users' data when they had the option of closing up shop - an extraordinarily clear case of being blinded by greed, especially as the payout was obviously forfeit if the hackers followed through. Both of these choices should have legally put much of the blame for the fallout and suicides on the CEO.)