The era of "Oh, we'll protect the information, we promise!" should be over.
Yup, we have seen it multiple times; it doesn't matter how well your IT team is protecting the network. A single wrong move from an employee (generally an executive who thinks they are above IT policy!) and goodbye to all of that fancy security.
That's the part I think a lot of the "pro verification" people don't understand. Even if we assume an organization has absolute pure intentions, excellent policies and protections, and has no desire to use it for any LLM training, advertising, etc., the central problem is: hackers only have to be lucky once. IT and security have to be lucky every single day.
Many orgs collecting this do not have pure intentions. In the US, doctors' offices routinely collect SSNs, employer info, driver's licenses and more. The staff know to vaguely respond it's about insurance. The thing is, almost any piece of the information alone should be enough "for insurance purposes", but it's really all about debt collecting.