So, what does this have to do with information security? Well, it has to do with negligence. We've been pretty cavalier about responsibility for the safety and security of our information systems. "No, that's the responsibility of the developer." "No, that's the responsibility of the user." "No, that's hardware."
It's time to start thinking hard about liability and responsibility. Before some court does it for us ...
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of http://www.noticebored.com/html/cisspforumfaq.html#Friday or https://blogs.securiteam.com/index.php/archives/1468
I agree, this is indeed an important issue to resolve and bring to the fore. The implications and rush to bring new ideas and new related technology to the market, rushing and pushing it out with little concern for the implications, is great for those Agile-minded developers, with their Kanbans and stand-ups - but they have very little regard for the implications of their decisions, i.e. privacy by design and secure by design.
Just get it out to the market, and selling with regard from a liability and responsibility perspective.
Look at the legacy IoT issues we now face and the issues around privacy; even this week Nissan admitted that they had left the recording function on their internal entertainment system on for three months, collecting all sorts of information, before they decided to turn it off. So what happened to the data collected? I bet it was analysed thoroughly, but there was no mention of whether the individual owners were informed, or that the data was totally erased and eliminated.
More of this is going to happen regularly, and we need to take some responsibility going forward.