Sober2ndThought

Member
  • Posts

    40
Reputation Activity

  1. Agree
    Sober2ndThought got a reaction from toor in NCIX Data breach 2018   
    The professions are equally susceptible to it as IT. Heck, the Big 4 accounting firms are now doing IT audits.
     
    The reality is this, people who do audit work largely for commercial enterprises whose primary goal is to make as much money as possible. These are usually large organizations with a ton of overhead. Losing a client, any client, could be devastating for an organization.
     
    The people who work there are under considerable pressure and are constantly divided between their duty to their profession and the needs of their businesses. There is pressure from the top down to bill as much as possible, and to keep every client happy.
     
    There are government audits, which are a bit different. Bureaucrats work for the public purse and are largely immune from pressure. But those audits are generally done in connection with criminal investigations. Maybe that's the real solution, make storing and disposing of data improperly a criminal offense.
     
  2. Informative
    Sober2ndThought got a reaction from ZacoAttaco in NCIX Data breach 2018   
    The law covers all this. The problem runs a lot deeper.
     
    It is actually a fundamental problem with how companies are organized and regulated in pretty much every country. Most companies are protected by what is called a corporate liability shield. This effectively shields corporations' owners and executives from any liability, whether it is the debts of the company, the negligence of the company or any other tort of the company.
     
    This is a huge problem. It has created a situation which rewards people for being negligent, or even evil. It's not just tech, it's right across the board.
     
    You can pass all the laws you want, but if there is no one who is taking personal responsibility for the violation of the law, what good is the law?
     
    Legal Claim
     
    First I just wanted to cover the actual legal claim. If you don't want to read it, skip down to the real problem.
     
    There is a really strong case for a tort claim under the doctrine of negligence. Negligence has three elements: 1. Duty of Care Owed; 2. Duty of Care was Breached; 3. The breach led to a loss (damages). All three of these elements are present.
     
    Furthermore, the Canadian Parliament recently passed the Digital Privacy Act which amended the Personal Information Protection and Electronic Documents Act (Canada) to cover this exact scenario. It includes mandatory breach notification requirements and enhanced powers for the Privacy Commissioner. But it only applies to Federally regulated industries such as Airlines, Banking and Broadcasting. Note Canada does not have an inter-state commerce clause, but Bankruptcy is Federally regulated (see s. 91(21): Constitution Act, 1867).
     
    Provincially, the law largely mirrors the Federal Law. The British Columbia Personal Information Protection Act governs, and it largely mirrors the Federal Law. It also includes special protections for the personal information of employees. I am not sure if the B.C. Legislature has amended its law to include the Digital Privacy
     
    Even then, if the law only had protection for private paper data, under Canadian law it would be extended to include electronic data. Under the Canadian rules of statutory interpretation, judges have a lot of discretion to interpret the law. One of the tenets of statutory interpretation is Eiusdem generis ("of the same kinds, class, or nature"), so in this case when it says paper records, the law would be read to include electronic records. Since it is a natural extension of the same class, a judge would extend the law to include electronic data. They basically look to the Legislature's intent at the time, and how the Legislature would behave today.
     
    The real problem is who is responsible? The law as it stands makes it difficult to make someone responsible in this kind of case.
     
    NCIX
     
    1. Duty of care is Owed:
     
    NCIX had a duty of care to its employees and customers to keep their data secure. It can be proven by using the above-referenced legislation under the doctrine of negligence per se. Even absent the legislation, they were entrusted with the information and likely they agreed to keep it secure.
     
    2. Was there a breach of that duty of care:
     
    There was a breach of that duty of care, they stored their data in a manner which was not at all secure, it was all either plain text or it had limited encryption.
     
    3. Did the breach lead to damages:
     
    That breach has led to people's Social Insurance Numbers ("SIN"), Credit Card and address history all being exposed, which could lead to identity theft, and when it does the customers and employees have suffered damages.
     
    If NCIX still existed, there would be a really high probability that they could be successfully sued. But NCIX is bankrupt and therefore gone, we can try to collect from whatever bankruptcy process leaves behind, but really there is no NCIX to successfully sue.
     
    Bankruptcy Trustee
     
    1. Duty of care is Owed:
     
    Yes, look at the law. I believe an accurate interpretation of the law would mandate that prior to selling the computer equipment the hard drives be securely wiped or even destroyed. The basic question is: are they like empty boxes which once stored a person's sensitive data, or more like the sensitive data itself?
     
    2. There is a breach of that duty of care:
     
    Yes, the trustee had the duty to maintain the confidence of former employees and customers and to securely dispose of data properly once it comes into the trustee's possession.
     
    3. The breach has led to damages:
     
    See above.
     
    Now before you start jumping up and down thinking that we can sue the bankruptcy trustee, it is entirely possible the servers and computer equipment were never in the control of the bankruptcy trustee.
     
    It's entirely possible that the landlord took the equipment before the trustee had taken control of NCIX. I note here that there was mention of unpaid rent. This could have gone one of two ways. The legal way, and the non-legal way.
     
    The legal way. It is entirely possible that prior to going bankrupt, NCIX abandoned the lease to several warehouses with these servers. When the place was abandoned the landlords have the right to seize all the property if NCIX made no serious attempt at regaining the property. Dean v. Kotsopoulos 2012 ONCA 143. In that case they are rightfully in the hands of the landlord.
     
    Non-legal way. The landlord, hearing about the bankruptcy of NCIX, decided to seize all their property in the warehouse, including servers and data. Now we have a conversion claim against the landlord and the bankruptcy trustee could sue under the doctrine of conversion and get the equipment back and sue for data-theft.
     
    This is so common, unfortunately. Disgruntled employees walk away with equipment. Contractors move in and take what they can and try to flip it. Plenty of others will do the same, including landlords. A bankruptcy trustee will try to secure what they can but even before they move in, stuff is already gone. Usually certain people (i.e. employees, landlords or contractors) have advance notice that a bankruptcy is coming and they move in before the bankruptcy is declared.
     
    In fact, I can tell you a story a colleague once told, she was a paralegal at a bankruptcy firm, after everything was done, all that was left was a very large collection of liquor. The partner gave her a box and said take what you want.
     
    So really, this was entirely foreseeable, the blame goes back to NCIX. NCIX should have foreseen that if it had not paid its rent, a landlord could legally or illegally seize the servers and the information on the servers could be exposed. So NCIX should have paid its rent and secured its servers.
     
    The Company Executives
     
    1. Duty of care is Owed:
     
    No, NCIX is an incorporated company, there is no direct relationship between the customers and the company executives and therefore no duty is owed.
     
    2. No duty, no breach.
     
    3. No damages, no damages.
     
    Real Issue
     
    Imagine this, if Steve Wu knew that his failure to properly secure his employees' and his customers' data could mean that he would be personally sued, he would lose his house, he would lose his cars, face considerable personal problems, do you really think NCIX would have saved sensitive data in plain text format?
     
    This is the real issue.
     
    Prior to the passing of the Limited Liability Act of 1855 (UK), all companies in the common law countries were partnerships. In that case, everyone who ran or invested in the company was liable for the debts and tortfeasance of the company. So in this case, even though NCIX went bankrupt, Steve Wu would be personally liable for the data breach, and also for all the debts of NCIX. There was also limited liability partnership as well, which only applied to professional organizations (i.e. law firms, accounting firms, and doctors etc), these limited liability for tortfeasance, if your lawyer screwed up your case, and it was just that one lawyer, then the other lawyers would not be liable for his screw up. But on debts and common torts, all the partners were liable. But with the liability shield, corporations are treated like "legal persons" and the corporation takes over all the duties and liabilities of the company. So if a company goes bankrupt, the company is liable for the debts. The shareholders, owners, the executives or the board of directors, they are all protected from liability.
     
    Now these were created for actually a very good reason. They were mostly a tool used by railroad companies in constructing new railway lines. It worked really well too, railroads were risky ventures, you had to take on a lot of debt and there was no guarantee you'd succeed. But you could get investors to buy the railroad company in exchange for shares, if the company succeeded the investors made a lot of money, if the company failed, the investors lost their money but they would not be liable for the debts of the company. It was also good for society, fine railroad x failed, but it left behind a lot of railroad tracks. Usually the county, the province/state or the city would take it over, and create public transit. In fact most of our commuter rail systems are actually built on the back of failed railroad companies.
     
    This system also worked well for a long time because companies were generally a long term venture. One passed from generation to generation. Therefore companies thought long term, and did not take risks which could damage the viability of the company. There were exceptions but there is a reason why so many companies have existed for 100+ years (think Ford, IBM, GE, etc). They would still take risks but generally it would be for the betterment of the company. I.e. Macy's opening a store in a shopping mall rather than a downtown location because people's shopping preferences were moving to shopping malls.
     
    Furthermore, other than in railroads, the failure of a business was viewed as a personal/moral failure on the part of the executives. If your company failed people treated you like a failure. That acted as a check on your behaviour, and encouraged executives to think long term.
     
    The problem is after 1980 and 1990s, there was a culture shift in the corporate world. Failure no longer has the same stigma, and arguably today it is a badge of honour. That shift has created the fleeting corporation. These are corporations created by people for the sole purpose of making as much money as possible in as little time as possible. These companies exist for the sole purpose of trying to make as much money as possible for the owners in as little time as possible. If they fail, who cares, you made your money and walked away without any liability. Employees lost their job, not your problem.
     
    The result is the owners and operators of fleeting corporations have little to no regard for the long-term consequences of their actions. Executives at NCIX knew what they did was wrong, they knew they should have secured the data, but they did not because it would cost more and that would eat into their profits. They did this because it allowed them to maximize their personal profits. There was no reason for them to worry about the employees, customers or even NCIX because it would not negatively affect them.
     
    It's not just new corporations, some even long term corporations like Sears have taken this approach. Rather than investing in an online store to compete with the likes of Amazon, the current group of executives simply moved all the bad assets from their other ventures into Sears and moved the more successful assets into their other ventures. Thus Sears is on the verge of bankruptcy and is bankrupt in Canada. Even better example, American banking executives in 2008 who took significant risks with mortgages, then paid themselves huge bonuses when everything crashed. One of the reasons no one was punished was there was no legal means to punish them.
     
    You can sometimes pierce the corporate veil but it is a pretty high standard to meet, and it generally works better with small ma and pa type corporations than it does with large ones.
     
    If you want real change it's time to reform the corporate liability shield, make the directors liable for at least their gross negligence in times like these. The UK has already started to move in this direction in relation to employees, criminal law and even patent law. Increasingly the corporate veil is pierced for corporations (both small and large) in the UK on these matters. North America lags behind. But if we want this same change, we need to get the message out to all our friends.
     
    Adam Smith, in his book The Wealth of Nations, basically predicted this outcome when he criticized the corporate liability shield. He said, "companies, however, being the managers rather of other people's money than of their own, it cannot well be expected, that they should watch over it with the same anxious vigilance with which the partners in a private company frequently watch over their own.... Negligence and profusion, therefore, must always prevail, more or less, in the management of the affairs of such a company".
     
    P.S. I apologize for not editing this properly; I have to leave fairly quickly after typing it.
  3. Informative
    Sober2ndThought got a reaction from WkdPaul in NCIX Data breach 2018   
  4. Like
    Sober2ndThought got a reaction from TechyBen in NCIX Data breach 2018   
    I worked at a large business firm which handled audits (I was not in the audit department). Everyone who worked in the audit department knew the rules: make the client happy. When they said client it wasn't the shareholders, employees or customers, it was the Board and the Executives. How do you keep them happy? The company passes the audit. Simple.
     
    The problem is if you want to sue, who do you sue? Do you sue the partner who issued the order but made sure it was issued in a way that it could not be traced back to him/her? Do you sue the junior auditor who signed the audit, was just following the firm rules, is likely overworked and knows if they don't please their boss they are out of work? Or do you sue the entire audit department or even the entire firm? Problem is the only person liable is the junior auditor, unless there is a document trail it is difficult to sue the entire firm. Even Arthur Andersen was acquitted in the Enron Scandal. https://www.nytimes.com/2005/05/31/business/justices-unanimously-overturn-conviction-of-arthur-andersen.html
  5. Like
    Sober2ndThought got a reaction from toor in NCIX Data breach 2018   
    The law covers all this. The problem runs a lot deeper.
     
    It is actually a fundamental problem with how companies are organized and regulated in pretty much every country. Most companies are protected by what is called a corporate liability shield. This effectively shield corporations owners, and executives from any liability. Whether is the debts of the company, the negligence of the company or any other tort of the company.
     
    This is a huge problem. It has created a situation which rewards people for being negligent, or even evil. Its not just tech its right across the board.
     
    You can pass all the laws you want, but if there is no one who is taking personal responsibility for the violation of the law, what good is the law?
     
    Legal Claim
     
    First I just wanted to cover the actual legal claim. If you don't want to read it skip down to the real problem.
     
    There is a really strong case for a tort claim under doctrine of negligence. Negligence has three elements: 1. Duty of Care Owed; 2. Duty of Care was Breached; 3. The breach led to a loss (damages). All three of these elements are present.
     
    Furthermore, the Canadian Parliament recently passed the Digital Privacy Act which amended the Personal Information Protection and Electronic Documents Act (Canada) to cover this exact scenario. It includes mandatory breach notification requirements, enhanced powers for the Privacy Commissioner. But it only applies to Federally regulated industries such as Airlines, Banking and Broadcasting. Note Canada does not have an inter-state commerce clause, but Bankruptcy is Federally regulated (see s. 91(21): Constitution Act, 1867).
     
    Provincially, the law largely mirrors the Federal Law. The British Columbia Personal Information Protection Act, governs and it largely mirrors the Federal Law. It also includes special protections for the personal information of employees. I am not sure if the B.C. Legislature has amended its law to include the Digital Privacy
     
    Even then if the law only had protection for private paper data. Under Canadian law it would be extended to include electronic data. Under the Canadian rules of statutory interpretation, judges have a lot of desertion to interpret the law. One of the tenants of statutory interpretation is Eiusdem generis ("of the same kinds, class, or nature"), so in this case when it says paper records, the law would be read to include electronic records. Since it is a natural extension of the same class, a judge would extend the law to include electronic data. They basically look to the Legislature intent at the time, and how the Legislature would behave today.
     
    The real problem is who is responsible? The law as it stands makes it difficult to make someone responsible in this kind of case.
     
    NCIX
     
    1. Duty of care is Owed:
     
    NCIX had a duty of care to its employees and customers to keep their data secure. It can be proven by using the above referenced legislation under the doctrine of negligence per se. Even absent the legislation, they were entrusted with the information and likely they agreed to keep it secure.
     
    2. Was there a breach of that duty of care:
     
    There was a breach of that duty of care, they stored their data in a manner which was not at all secure, it was all either plain text or it had limited encryption.
     
    3. Did the breach lead to damages:
     
    That breach has led to people's Social Insurance Numbers ("SIN"), Credit Card, address history all being exposed. Which could lead to identity theft and when it does the customers and employees have suffered damages.
     
    If NCIX still existed, there would be a really high probability that they could be successfully sued. But NCIX is bankrupt and therefore gone, we can try to collect from whatever bankruptcy process leaves behind, but really there is no NCIX to successfully sue.
     
    Bankruptcy Trustee
     
    1. Duty of care is Owed:
     
    Yes, look at the law. I believe an accurate interpretation of the law would mandate that prior to selling the computer equipment the hard drives be securely wiped or even destroyed. The basic question is: are they like empty boxes which once stored a person's sensitive data, or more like the sensitive data itself?
     
    2. There is a breach of that duty of care:
     
    Yes, the trustee had the duty to maintain the confidence of former employees and customers and to securely dispose of data properly once it comes into the trustee's possession.
     
    3. The breach has led to damages:
     
    See above.
     
    Now before you start jumping up and down thinking that we can sue the bankruptcy trustee, it is entirely possible the servers and computer equipment were never in the control of the bankruptcy trustee.
     
    It's entirely possible that the landlord took the equipment before the trustee had taken control of NCIX. I note here that there was mention of unpaid rent. This could have gone one of two ways. The legal way, and the non-legal way.
     
    The legal way. It is entirely possible that prior to going bankrupt, NCIX abandoned the lease to several warehouses with these servers. When the place was abandoned the landlords have the right to seize all the property if NCIX made no serious attempt at regaining the property. Dean v. Kotsopoulos 2012 ONCA 143. In that case they are rightfully in the hands of the landlord.
     
    Non-legal way. The landlord hearing about the bankruptcy of NCIX decided to seize all their property in the warehouse, including servers and data. Now we have a conversion claim against the landlord and the bankruptcy trustee could sue under the doctrine of conversion and get the equipment back and sue for data-theft.
     
    This is so common, unfortunately. Disgruntled employees walk away with equipment. Contractors move in and take what they can and try to flip it. Plenty of others will do the same, including landlords. A bankruptcy trustee will try to secure what they can but even before they move in, stuff is already gone. Usually certain people (i.e. employees, landlords or contractors) have advance notice that a bankruptcy is coming and they move in before the bankruptcy is declared.
     
    In fact, I can tell you a story a colleague once told, she was a paralegal at a bankruptcy firm, after everything was done, all that was left was a very large collection of liquor. The partner gave her a box and said take what you want.
     
    So really, this was entirely foreseeable, the blame goes back to NCIX. NCIX should have foreseen that if it had not paid its rent, a landlord could legally or illegally seize the servers and the information on the servers could be exposed. So NCIX should have paid its rent and secured its servers.
     
    The Company Executives
     
    1. Duty of care is Owed:
     
    No, NCIX is an incorporated company, there is no direct relationship between the customers and the company executives and therefore no duty is owed.
     
    2. No duty, no breach.
     
    3. No damages, no damages.
     
    Real Issue
     
    Imagine this: if Steve Wu knew that his failure to properly secure his employees' and his customers' data could mean that he would be personally sued, he would lose his house, he would lose his cars, face considerable personal problems, do you really think NCIX would have saved sensitive data in plain text format?
     
    This is the real issue.
     
    Prior to the passing of the Limited Liability Act of 1855 (UK), all companies in the common law countries were partnerships. In that case, everyone who ran or invested in the company was liable for the debts and tortfeasance of the company. So in this case, even though NCIX went bankrupt, Steve Wu would be personally liable for the data breach, and also for all the debts of NCIX. There were also limited liability partnerships as well, which only applied to professional organizations (i.e. law firms, accounting firms, doctors, etc.); these limited liability for tortfeasance: if your lawyer screwed up your case, and it was just that one lawyer, then the other lawyers would not be liable for his screw up. But on debts and common torts, all the partners were liable. But with the liability shield, corporations are treated like "legal persons" and the corporation takes over all the duties and liabilities of the company. So if a company goes bankrupt, the company is liable for the debts. The shareholders, owners, the executives or the board of directors are all protected from liability.
     
    Now these were created for actually a very good reason. They were mostly a tool used by rail road companies in constructing new railway lines. It worked really well too: rail roads were risky ventures, you had to take on a lot of debt and there was no guarantee you'd succeed. But you could get investors to buy the rail road company in exchange for shares; if the company succeeded the investors made a lot of money, if the company failed, the investors lost their money but they would not be liable for the debts of the company. It was also good for society: fine, railroad x failed, but it left behind a lot of railroad tracks. Usually the county, the province/state or the city would take it over, and create public transit. In fact most of our commuter rail systems are actually built on the back of failed railroad companies.
     
    This system also worked well for a long time because companies were generally a long term venture. One passed from generation to generation. Therefore companies thought long term, and did not take risks which could damage the viability of the company. There were exceptions but there is a reason why so many companies have existed for 100+ years (think Ford, IBM, GE, etc). They would still take risks but generally it would be for the betterment of the company. I.e. Macy's opening a store in a shopping mall rather than a downtown location because people's shopping preferences were moving to shopping malls.
     
    Furthermore, other than in railroads, the failure of a business was viewed as a personal/moral failure on the part of the executives. If your company failed people treated you like a failure. That acted as a check on your behaviour, and encouraged executives to think long term.
     
    The problem is after 1980 and 1990s, there was a culture shift in the corporate world. Failure no longer has the same stigma, and arguably today it is a badge of honour. That shift has created the fleeting corporation. These are corporations created by people for the sole purpose of making as much money as possible in as little time as possible. These companies exist for the sole purpose of trying to make as much money as possible for the owners in as little time as possible. If they fail, who cares, you made your money and walked away without any liability. Employees lost their job, not your problem.
     
    The result is the owners and operators of fleeting corporations have little to no regard for the long-term consequences of their actions. Executives at NCIX knew what they did was wrong, they knew they should have secured the data, but they did not because it would cost more and that would eat into their profits. They did this because it allowed them to maximize their personal profits. There was no reason for them to worry about the employees, customers or even NCIX because it would not negatively affect them.
     
    It's not just new corporations, some even long term corporations like Sears have taken this approach. Rather than investing in an online store to compete with the likes of Amazon, the current group of executives simply moved all the bad assets from their other ventures into Sears and moved the more successful assets into their other ventures. Thus Sears is on the verge of bankruptcy and is bankrupt in Canada. Even better example, American banking executives in 2008 who took significant risks with mortgages, then paid themselves huge bonuses when everything crashed. One of the reasons no one was punished was there was no legal means to punish them.
     
    You can sometimes pierce the corporate veil but it is a pretty high standard to meet, and it generally works better with small ma and pa type corporations than it does with large ones.
     
    If you want real change it's time to reform the corporate liability shield, make the directors liable for at least their gross negligence in times like these. The UK has already started to move in this direction in relation to employees, criminal law and even patent law. Increasingly the corporate veil is pierced (for both small and large corporations) in the UK on these matters. North America lags behind. But if we want this same change, we need to get the message out to all our friends.
     
    Adam Smith, in his book The Wealth of Nations, basically predicted this outcome when he criticized the corporate liability shield. He said, "companies, however, being the managers rather of other people's money than of their own, it cannot well be expected, that they should watch over it with the same anxious vigilance with which the partners in a private company frequently watch over their own.... Negligence and profusion, therefore, must always prevail, more or less, in the management of the affairs of such a company".
     
    P.S. I apologize for not editing this properly I have to leave fairly quickly after typing it.
  6. Like
    Sober2ndThought got a reaction from AlTech in Apple announces iPhone Xs, Xs Max, and Xr   
    Ok so no USB Type C charging? So they made a laptop with no USB Type A ports to push the industry forward (good), but let the iPhone stagnate with Lightning
     
  7. Informative
    Sober2ndThought got a reaction from vorticalbox in Intel's new microcode update forbids benchmark comparisons   
    That's not what I learned in law school. I remember my first day they told us EULAs are enforceable.

    Now I am not a contract lawyer and have not studied contract law for years, an actual contract lawyer can get into the nitty gritty. Plus most of my education was in the common law in Canada, so what I say is mostly true for Canada and not true worldwide.
     
    The only type of EULAs which might not be enforceable are Shrink Wrap Contracts. In the U.S. the law is split: one court decision, ProCD, Inc. v. Zeidenberg, 86 F. 3d. 1447 (7th Cir. 1996), held that they are enforceable, while another, Klocek v. Gateway, Inc 104 F. Supp. 2d. 1332, held they are not. It will depend on which state you live in. That is unless the UCC is updated to resolve the issue once and for all and the state legislatures all adopt the new UCC.
     
    All other EULAs are enforceable. In the U.S. they are called Click-Through License Agreements. EULAs are considered a form of a Standard Form Contract, and under Article 2 of the UCC (in the U.S.) and under the Common Law (commonwealth countries) EULAs are enforceable as such. But because they are Standard Form Contracts, they are subject to several limitations which are not typically found in typical bilateral contracts.
     
    Generally, to be enforceable, a person must enter into the contract with the intent to be bound by the contract. With a typical bilateral contract which is negotiated and hammered out, all aspects of it are enforceable unless a limited number of exceptions apply. The assumption is both parties are equal in power, they probably discussed every clause in the contract, and they agreed to be bound by every single term in the contract and agreed to every clause in the contract. So the contract is enforceable. There are a handful of limitations such as mistake (mutual and unilateral), duress or undue influence, unconscionability, misrepresentation or fraud, impossibility or impracticability, and frustration of purpose.
     
    With a Standard Form Contract there is an unequal bargaining power, they are typically a take it or leave it deal, they are imposed on us, and there usually is not enough time to understand the implications of each clause of the contract. For these reasons Standard Form Contracts have limited enforceability.
     
    The general rule is that anything in a Standard Form Contract is enforceable on the whole against the party which drafted it. But on the other party (the party assenting to the EULA), the terms are only enforceable so long as those terms are normally expected to be found in such a contract. Any term that is unusual or particularly onerous must be pointed out with particularity to be enforceable (i.e. bolded, in red, with the right to sign on the side, etc.), otherwise it will be unenforceable. Tilden Rent-A-Car Co. v. Clendenning (1978), 83 DLR (3d) 400,
     
    For example, in your cell phone contract the clause about long distance calling being subject to a higher rate is generally enforceable because as consumers we expect this to be part of the terms of the contract. But a clause stating that you must pay your long-distance bill in pennies at a particular location would not be enforceable because that is considered an unusual and onerous clause (pennies are heavy). So unless it was pointed out to you with particularity and you assented, it is not enforceable.
     
    With EULAs, since all we do is click agree and we have no right to negotiate the terms, they are considered Standard Form Contracts and are enforceable as such. In this case, the question will turn on whether the clause about publishing benchmarks is either a particularly onerous or an unusual contract term and whether Intel pointed it out with particularity.
  8. Informative
    Sober2ndThought got a reaction from Jurrunio in Intel's new microcode update forbids benchmark comparisons   
  9. Informative
    Sober2ndThought got a reaction from ScratchCat in Intel's new microcode update forbids benchmark comparisons   
  10. Informative
    Sober2ndThought got a reaction from Stefan Payne in Intel's new microcode update forbids benchmark comparisons   
  11. Agree
    Sober2ndThought got a reaction from VicBar in What's up with these shitty thumbnails? - Honest Answers Ep. 5   
    I don't think the actual issue is the click bait and the thumbnails, I think the real issue is the content has gone downhill and the click bait and thumbnails are a symptom of it.
     
    What I am hearing from Linus is the George Lucas argument. But we have better video quality, therefore our videos are better. But honestly a lot of the new videos are bad. No matter how good the video quality is, it is not going to make up for bad content. It's the bad content which is alienating your audience. Like the Pizza Oven Computer. A poorly thought out video that should never have been released.
     
    There are still some good videos, like the Samsung S8 review, the Amazon PC. But with these thumbnails I still cannot distinguish the good from the bad.  If I click one of them, I am always worried it will start with Linus screaming "WOAH!!!" or something else stupid. 
     
    But even with the decent content there are so many stupid gimmicks in it. Like the Amazon PC video, did it really need fire in the background? Or this: 

    An otherwise good video with stupid shit which is increasingly making your viewers cringe. 
     
    Linus always did stupid stuff like leaving the Dell laptop in the rain intentionally, but that was entertaining because it wasn't over the top, it was more subtle and it had something to do with the actual product. The video actually gave me a good impression of the Dell laptop and I seriously did consider buying it. Especially when I saw how repairable it was. It was a small part of it, just gave it a little flair but it wasn't the whole video.

    I get that you have some metric saying it's making you more money, and yes you have salaries to pay so therefore have to make more money. But here is the issue, I think you guys grew too fast for your existing audience and you need to now quickly expand your business. So now you are just desperate for views to keep your business afloat. So you release one video a day, which might not be good, use click-bait to get people to the video and they watch it, you make a few bucks and you keep going another day. The problem is whatever views you are getting now are incidental, and it won't last. Having a strong loyal core audience is sustainable and it is what actually works in the long run.
     
    Look at the Green Brothers, they grew slowly, and are actually bigger than you, improved their quality but have never lost the traditional style of their videos. They don't need to resort to click bait or producing crazy content just to get new views. They have their loyal audience which is growing. Also CGP Grey, who's growing very slowly, but his video quality has never changed. It is as good as ever and he's slowly expanding.
  12. Like
    Sober2ndThought reacted to DXMember in H440 Temperatures   
    there we go, glad to help
  13. Like
    Sober2ndThought reacted to Rusty_Shackleford in H440 Temperatures   
    Those temps seem safe to me.
     
     
    My CPU in my old pre-built got up to 65c on load and idled at 45-55. I had a stock cooler (tower cooler) with a Noctua 90mm on it.
     
    GPU on load would get about to 80c but it was a reference 550 ti.
     
    What case do you have? EDIT: NVM I should learn to read more carefully
     
     
    EDIT: also air cooling can be just as good if not better than a water cooled rig and cost MUCH less.
     
    If I were you I would get an NH-D15 if you can spare the cash, if not get a 212 Evo. Make sure you're using all of the fan slots on the case. Again, if money isn't an issue go with Noctuas.
     
    EDIT AGAIN: Someone mentioned to me that STRIX cards run hotter, can't confirm this though.
  14. Like
    Sober2ndThought reacted to DXMember in H440 Temperatures   
    seems to be okay, there's only 5 degrees difference that we could attribute to the thermal compound getting older and knowing that H440's air flow is a little bit restrictive compared to Cooler Master's cases, which I presume all have very strong air flow.
    H440 is designed to be silence optimised.
     
    Also Intel's stock heatsink is known to be on the weaker side and should be avoided - that's for your stress test
    Try grabbing a CoolerMaster 212 Evo