A couple of weeks ago, news spread regarding incidents of internal security breach in Google. Allegedly, one of its engineers used his internal clearances to access users' accounts, including the information of four minors. In incidents such as these, how can users make service providers liable for the acts of its employees? Immediately after the news of Google's security breach came out, a former Google employee divulged that "The company does not closely monitor SREs to detect improper access to customers' accounts because SREs are generally considered highly-experienced engineers who can be trusted." This, of course, was countered by Google through a press statement.
In the absence of privacy laws clearly attributing responsibility to service providers, can a victim of a security breach sue on the basis of tort? And to what extent?
But more important, how do we know that our accounts have been or are being compromised?
-- Ixara Maroto, 10th post