Greg Turner reports:
Belmont Savings Bank agreed to pay $7,500 in a settlement of a consumer data breach case with the state attorney general’s office.
In May, the bank lost an unencrypted computer tape containing the personal information of more than 13,000 customers.
A bank employee left the backup tape on a desk instead of storing it in a vault for the night, and it was inadvertently tossed into the trash by a cleaning crew, according to Attorney General Martha Coakley’s office. The tape “was most likely incinerated” by the bank’s waste-disposal company.
Read more on BostonHerald.com
As much as I am for enforcement, I must confess that I do not approve of this fine. What is the point in fining an entity for a human error mistake – one of those momentary brain fade mistakes that we all make many times in our lives and work? Wouldn’t it just make more sense to say, “Thanks for reporting and notifying your customers, and what’s your plan so you avoid this type of screwup again?”
If Massachusetts or states start fining for breaches like this one, we may wind up with more entities trying to hide breaches. And that would not be a good outcome.
Let’s save the fines for more egregious breaches or where entities have repeat breaches because they do not seem to have learned from their mistakes.