Co-Founder Taliferro
For years, I've been vocal about a simple yet crucial idea: everyone should be responsible for their own information. Unfortunately, corporations continue to collect vast amounts of personal data and then fail to secure it properly, leading to countless data breaches and hacks. It's time for corporations to stop being stupid about data security and take real responsibility for the information they collect.
Corporations ask for all sorts of personal information from users. They want your name, address, phone number, and even more sensitive data like social security numbers and credit card details. But here's the thing: the more information they collect, the bigger the target they become for hackers. When a corporation gets hacked, it's not just the company that suffers – it's the millions of users whose data gets exposed.
With TODD, we take a different approach. We only ask for your email address. Why? Because if TODD ever gets hacked, the worst thing a hacker gets is a bunch of email addresses. No sensitive personal information is at risk. This minimalistic approach to data collection is not just smart – it's responsible.
AI helps here — but only with the right guardrails. I rely on our Consistent Output Protocol (COP) to keep detections and summaries consistent, and the techniques I described in How Machine Learning Is Changing Cybersecurity (2025) to reduce noise without missing the signal.
AI is a force multiplier, not a substitute for discipline. I use AI to correlate events across systems, summarize evidence for auditors, and prioritize what matters. I don’t use AI to invent policy on the fly, decide retention, or manage encryption keys. Those are human decisions backed by clear standards.
To keep AI dependable, I apply our Consistent Output Protocol (COP) so the same evidence produces the same outcome every time. That’s how we cut false positives while maintaining repeatability.


If a corporation asks for your information, it's up to them to secure it. This isn't just about good business practice – it's about ethics. Users trust companies with their data, and that trust should not be taken lightly. Companies need to stop trying to shift the responsibility back to users by saying things like, "Use strong passwords" or "Enable two-factor authentication." While these are good practices, they don't absolve corporations from their duty to protect the data they collect. Refer to NIST CSF 2.0 principles and the CIS Critical Security Controls for practical control baselines. For a practical example of designing customer-friendly security, see Secure Customer Access to Project Data.
Corporations need to wake up and realize that the more data they collect, the greater their responsibility becomes. They should:
In an ideal world, everyone would be responsible for their own information. But if a corporation insists on collecting data, it must step up and secure it. This isn't just about avoiding hacks – it's about respecting the trust that users place in them. The smart move for corporations is clear: minimize data collection, secure what you must collect, and always prioritize the user's privacy.
Stop being stupid about data security. Collect less, secure more, and respect user privacy. It's that simple.
No. AI can flag anomalies and summarize evidence, but it cannot replace data minimization, encryption, access control, and retention discipline.
Shorten data retention and narrow collection to essentials. Less data collected and kept means less to lose and disclose.
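The email-only collection policy described earlier for TODD, and the retention rule just stated, can both be enforced in code rather than left to habit. The following is an added example, not TODD's or Taliferro's own code: it allow-lists a single field, rejects anything extra loudly so over-collection is visible, and sweeps rows older than a retention window. The `ALLOWED_FIELDS` set, the 90-day window, the in-memory store and the sample submissions are all assumptions constructed for illustration.

```python
"""Data minimisation plus a retention sweep for an email-only signup store.

Added example (not TODD's or Taliferro's code). The allow-list, the
90-day window, the in-memory store and the sample data are assumptions.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone

# The only field the service may keep (assumption mirroring "we only ask
# for your email address").
ALLOWED_FIELDS = frozenset({"email"})
RETENTION_DAYS = 90  # assumed retention window

_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class RejectedField(ValueError):
    """Raised when a client submits data the service has no business storing."""


def minimise_signup(payload: dict) -> dict:
    """Return a record containing only the allow-listed field.

    Extra fields (name, phone, SSN, card number...) are rejected rather than
    silently dropped, so over-collection shows up in logs and tests instead
    of quietly accumulating in the database.
    """
    extra = set(payload) - ALLOWED_FIELDS
    if extra:
        raise RejectedField(f"refusing to store non-essential fields: {sorted(extra)}")
    email = str(payload.get("email", "")).strip().lower()
    if not _EMAIL_RE.match(email):
        raise ValueError("email is required and must look like an address")
    return {"email": email}


class SignupStore:
    """Tiny in-memory store that records when each row was collected."""

    def __init__(self) -> None:
        self.rows: list[dict] = []

    def add(self, payload: dict, now: datetime) -> dict:
        record = minimise_signup(payload)
        record["collected_at"] = now
        self.rows.append(record)
        return record

    def purge_expired(self, now: datetime, days: int = RETENTION_DAYS) -> int:
        """Delete rows older than the retention window; return how many went."""
        cutoff = now - timedelta(days=days)
        before = len(self.rows)
        self.rows = [r for r in self.rows if r["collected_at"] >= cutoff]
        return before - len(self.rows)


def demo() -> tuple[int, int, list[str]]:
    """Run the policy against constructed sample submissions.

    Returns (rows purged, rows remaining, rejection messages).
    """
    store = SignupStore()
    t0 = datetime(2025, 1, 1, tzinfo=timezone.utc)
    store.add({"email": "Alice@Example.com"}, t0)
    store.add({"email": "bob@example.com"}, t0 + timedelta(days=100))
    rejected = []
    try:
        # A client that sends an SSN is refused outright.
        store.add({"email": "eve@example.com", "ssn": "000-00-0000"}, t0)
    except RejectedField as exc:
        rejected.append(str(exc))
    purged = store.purge_expired(t0 + timedelta(days=120))
    return purged, len(store.rows), rejected


if __name__ == "__main__":
    print(demo())
```

Rejecting extra fields instead of discarding them is a deliberate choice: a silent strip hides the fact that a form or integration has started asking for more than it should, while an exception surfaces it at the first request.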
Maintain tamper-evident logs for access, changes, exports, and key operations; map controls to NIST CSF or CIS Controls and review quarterly.
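A tamper-evident log is one where editing, reordering or truncating past entries is detectable on review. The following added example (not Taliferro's code) shows one common construction: each entry commits to the hash of the previous entry, and the chain head is sealed with an HMAC under a key that the log writer holds and plain readers of the file do not. That key, the event names and the verification scenarios are assumptions constructed for the demonstration.

```python
"""Hash-chained, HMAC-sealed audit log with tamper detection.

Added example (not Taliferro's code). The seal key, the sample events and
the out-of-band storage of the seal are assumptions for illustration.
"""
from __future__ import annotations

import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain starts from a fixed, public value


def entry_hash(prev_hash: str, event: dict) -> str:
    # Canonical JSON so that key order cannot change the digest.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + body).encode()).hexdigest()


class AuditLog:
    def __init__(self, seal_key: bytes) -> None:
        self._key = seal_key
        self.entries: list[dict] = []
        self.head = GENESIS

    def append(self, actor: str, action: str, target: str) -> dict:
        event = {"seq": len(self.entries), "actor": actor, "action": action, "target": target}
        h = entry_hash(self.head, event)
        self.entries.append({"event": event, "prev": self.head, "hash": h})
        self.head = h
        return self.entries[-1]

    def seal(self) -> str:
        """HMAC over the chain head; keep it out of band (e.g. with the auditor)."""
        return hmac.new(self._key, self.head.encode(), hashlib.sha256).hexdigest()


def verify(entries: list[dict], seal: str, seal_key: bytes) -> tuple[bool, int | None]:
    """Recompute the chain. Returns (ok, index of the first bad entry).

    An index equal to len(entries) means the chain itself is consistent but
    the sealed head does not match: entries were removed from the end, or
    rewritten and re-hashed by someone without the seal key.
    """
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["prev"] != prev or e["event"].get("seq") != i:
            return False, i  # reordering or a missing entry
        if entry_hash(prev, e["event"]) != e["hash"]:
            return False, i  # in-place edit of an entry
        prev = e["hash"]
    expected = hmac.new(seal_key, prev.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, seal):
        return False, len(entries)
    return True, None


def demo() -> dict:
    """Seal a constructed log, then check three review scenarios."""
    key = b"constructed-demo-key-not-for-production"  # assumption
    log = AuditLog(key)
    log.append("svc-export", "export", "users.csv")
    log.append("alice", "key_rotate", "kms/key-1")
    log.append("bob", "read", "user:42")
    seal = log.seal()
    clean = verify(log.entries, seal, key)

    edited_entries = json.loads(json.dumps(log.entries))  # deep copy
    edited_entries[1]["event"]["actor"] = "mallory"  # rewrite who rotated the key
    edited = verify(edited_entries, seal, key)

    truncated = verify(log.entries[:-1], seal, key)  # drop the last entry
    return {"clean": clean, "edited": edited, "truncated": truncated}


if __name__ == "__main__":
    print(demo())
```

The seal is what turns a hash chain into evidence: without it, anyone with write access to the file could rewrite an entry and recompute every later hash. Storing the sealed head with a party that cannot write the log (or in append-only storage) is the part the "tamper-evident" claim rests on.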