Data Vu: Why Breaches Involve the Same Stories Again and Again

Tue, 26 Jul 2022 05:00:00 GMT
Scientific American - Technology

Data breaches involve the same old mistakes; we must break the cycle

Phil's predicament sounds a lot like our cruel cycle with data breaches.

While Phil eventually figured out how to break the loop, we're still stuck: the same types of data breaches keep occurring with the same plot elements virtually unchanged.

Like Phil eventually managed to do, we must examine the recurring elements that allow data breaches to happen and try to learn from them.

The main plotline of so many data breach stories is human error.

Despite the fact that human error is an aspect of most data breaches, many organizations have failed to train employees about data security.

Instead of hoarding as much information as possible, organizations should enact policies of data minimization to collect only data necessary for legitimate purposes and to avoid retaining unnecessary data.

Many of the organizations that have had big data breaches were also big spenders on data security.

Although on the surface data breaches look like a bunch of isolated incidents, they are actually symptoms of deeper, interconnected problems involving the whole data ecosystem.

Another important but underappreciated protection is data mapping: knowing what data are being collected and maintained, the purposes for having the data, the whereabouts of the data and other key information.

The law keeps on serving up the same tired consequences for breached companies instead of trying to reform the larger data ecosystem.
