I can see that logic for a convertible, but I don't see how it could ever be better for businesses to leave security vulnerabilities in place.
Sounds like the underlying issue is that some people (who should know better) still believe security through obscurity is a viable way of business.
This also reminds me of the case of Julian Harris, a man in Brisbane who was recently fined $44 for leaving his car window down while he was away from the car. The reason is that it makes it easier for a thief to steal things from the car or steal the car itself. So clearly, Australian authorities understand that leaving oneself vulnerable (aka "security negligence") should be punished even if you're not taken advantage of.
But you can't study "how X has changed over time" if you don't even have the original data that you'd be comparing it to?
Still, that's not really my point. I'm saying that without the original data (and remember this is data that cannot be gotten again even with effort), one cannot re-do the study and see if the results are reproducible. Therefore, the entire scientific process is impossible with studies that have lost & irretrievable data.
The very fact that "Much of these data are unique to a time and place, and is thus irreplaceable, and many other data sets are expensive to regenerate." makes me wonder if this could even be considered "scientific data" anymore. Since the data is unique to a time & place and irreplaceable, it would completely destroy the reproducibility aspect of the scientific process. Given that, should the lack of reproducibility mean that lost scientific data should be redefined as experimental data or hypothesis data? It also brings up the idea in my mind that scientific data has a half-life since it can degrade back to hypothesis or experimental data if not properly stored.
Are you serious? This is entirely enforceable without unreasonable difficulty. It's easy to find out who owns an IP address and there's always contact info attached to that record. If the fine isn't paid or isn't paid on time, it's only a simple matter of shutting the company's site down 'til the fine is paid. We're not talkin' about individuals here, but companies, especially hosting services, etc. Notification would come through an official gov't somebody, not something like a spamish-lookin-email. Anybody who's setting up servers that falls for a spamish-looking-email about this deserves whatever problems they get as a result of believing such an email. They really should know better.
And while they're at it, they should fine everyone whose DB is stolen due to stupid insecure setups... SQL injections, plaintext passwords, etc. This stuff isn't excusable, and it's pretty shocking that it's still common in late 2013. Can you imagine how much money the gov't would've made off Adobe and SONY over the past few years? That'd probably help lower our taxes (in theory).
Wasn't it just last year that SONY kept gettin' hacked for stupid security? And they weren't the only ones. Just a couple years ago, PC Pro had an article called "Is This The Golden Age of Hacking?". Last year, Ars Technica had an article "Why passwords have never been weaker—and crackers have never been stronger". The state of security on the internet is appalling & that was well known before Snowden woke people up with more facts about the appalling nature of internet security.