Troy Hunt
It’s not a real data breach unless it causes people serious harm. Words to that effect are rife throughout privacy reforms that continue to prioritise the responsible organisation over the impacted individuals https://www.ashurst.com/en/insights/queenslands-ipola-guidelines-new-mandatory-notification-data-breach-scheme/
Queensland's IPOLA Guidelines – New Mandatory Notification Data Breach Scheme

Queensland's privacy laws are changing from 1 July 2025. Learn to be ready for the introduction of the mandatory notification data breach scheme.

Ashurst
Apr 20, 2025 at 5:37amWeb
Show threadDaniel Terhorst-NorthApr 20, 2025
@troyhunt it’s not a real data breach unless it is from the Data Breach area of California. Otherwise it is just sparkling incompetence.
Show threadTroy HuntApr 25, 2025
@tastapod 🤣
Show threadpaulnewmanApr 20, 2025
@troyhunt makes you wonder how much of this is to prevent litigation over potential problems arising from training data in LLMs. "yes, it is your face / phone number / whatever, but it didn't cause you serious harm". Either way, lowering standards doesn't seem like a great move
Show thread🐧DaveNull🐧 ☣️pResident Evil☣Apr 26, 2025

@troyhunt Ah yes, because the point of leaking people's PII is usually for joke purposes, or for non-serious harm…

"It's not an actual assault unless you're in coma or dead It shouldn't be mere inconvenience, such as not being a big fan of having a black eye"