Comment Re:No chance in Hell this will pass... (Score 1) 125
Will it be as toothless as HIPAA or SOX, where the only person thrown in jail on Sarbanes-Oxley was a guy who fished up one too many groupers?
If you think that HIPAA and SOX are toothless, you don't know anything about them. The number of people thrown in jail is far from the only valid metric. Spend some time working in corporate worlds that manage medical or financial information and see just how terrified everyone is of violating them. In the relevant industries you can get almost anything done, regardless of whether it makes sense, if you can make a vaguely believable argument that HIPAA or SOX requires it.
If enforced, where is there proof that the hole was discovered, and what date? I'm sure an H-1B will be darn sure to keep mum when he/she actually found the breach in order to not be deported.
From an enforcement perspective, the date will be the date on the first documented discussion, or the date recalled by a whistleblower. This sort of stuff tends to always generate an e-mail trail.
What is a breach? Is someone duping gold on ClicheQuest considered a breach? A warp hack? What about a web server showing the FTP server's links? The courts can be clogged for years of lawyers deliberating this... and when it comes to technical issues, courts tend to side with what side has the most lawyers.
Sure, for any situation there are edge cases. But who cares whether gold-duping is considered a breach? A laptop full of names and social security numbers walking out the door is clearly a breach, and that's what we care about. But, regardless, legislation actually tends to be quite careful about defining such things. That care is a lot of what makes the law hard to read.
What happens when a breach and trade secrets smack into each other? A court erring one way, and businesses can have their secret sauce dumped out by clever lawyers. Another way, and every breach can be covered up as a trade secret.
Trade secret law cannot be used to hide information from courts. They'll simply request the data and seal it. If it's dumped out by lawyers that will only be because the lawyers for the owner of the secrets were negligent. Filing the motions needed to protect such data is their job.
Who is going to fund enforcement?
The Department of Justice, same as all federal laws. Sure, a future president could direct the DoJ not to bother, just as Obama has directed them not to pursue pot smokers, but in this case that would be a really hard move to justify politically.