Following the data breach of toy maker, VTech, last year, the company is now trying to embed data breach acceptance in its Terms and Conditions.
More than 6.3 million children's accounts were affected by last year's breach, which gave the perpetrator access to photos and chat logs. VTech's new terms and conditions state that parents must assume responsibility for future breaches.
http://www.bbc.co.uk/news/technology-35532644
Security experts from AlienVault and Proofpoint discuss the company’s move:
Javvad Malik, Security Advocate at AlienVault observes: “This is a bad stance for a company to take. It’s trying to take a completely zero accountability approach to a product they are selling. On top of that, it could potentially set a terrible precedent for other technology companies.
In today’s digital age, personal data is in some ways worth as much as currency. Imagine if the banks turned around and stated in their terms and conditions that by placing money with them, you lose any expectation that the money will be kept safe because bank robbers may loot the vault.
I really hope VTech takes a look at their statement and the data they hold and reconsiders their position on the matter.”
Ryan Kalember, SVP, Cybersecurity Strategy at Proofpoint says: “This change to their terms and conditions is out of step with where both leading private enterprises and regulatory bodies are moving. Despite likely being unenforceable in practice, it is a very worrying signal to be sending to customers, who should be counting on stronger measures to protect their personal data in the wake of the European Union’s newly stronger stance on data protection and personal privacy."