@foone this has _got_ to be some kind of crime, right?...

@foone this has _got_ to be some kind of crime, right? like, not you having the wav files, but the fact that someone gave them to you. a HIPAA violation at the very least

Like 19 August at 20:13 | Wall-to-wall | Open on mastodon.social

5 comments

Foone🏳️‍⚧️

@glyph oh, most likely.
but I probably have all this shit because they are gone and bankrupt

19 August at 20:14 | Open on digipres.club

Graham Sutherland / Polynomial

@glyph @foone sadly, no. at most it's *maybe* a GDPR violation depending on the content of the WAV files, but likely not, and I'm guessing that's going to be impossible to prosecute anyway because the assets are almost certainly a result of an insolvency liquidation. I see this shit all the damn time and right now there's very little recourse for those affected.

19 August at 20:17 | Open on chaos.social

Graham Sutherland / Polynomial

@glyph @foone but yeah, there fuckin ought to be a law.

https://chaos.social/@gsuberland/112990515561219329

19 August at 20:18 | Open on chaos.social

Momo

@gsuberland
If this is from an EU customer, it is a GDPR violation. But as you stated, there is probably no legal entity anymore that could pay the fine. Which means we need an appendix that ensures that the insolvency administrator enforces GDPR in liquidation cases (or would be personally liable if shit like this happens).

And again, this would probably not apply to the US so good look out there...
@glyph @foone

Expand text...

19 August at 20:24 | Open on social.linux.pizza

PhreakByte

@gsuberland @glyph @foone The entity that was the data controller at the time of the breach is responsible for reporting it. If the company has been liquidated, the liquidator or administrator may need to handle this obligation (GDPR wise)

19 August at 21:10 | Open on infosec.exchange