All good then
- Hole plugged
- Fine applied
- Fine paid
(Dusts off hands)
= All good
Hang on, what about the 5.9 mugs out there whose data is in the wild?
Singapore's Personal Data Protection Commission (PDPC) has issued a fine of SG$74,000 ($54,456) on travel company Commeasure, which operates a travel booking website named RedDoorz that exposed 5.9 million customers' data – the largest data breach handled by the Commission since its inception. The PDPC announced the penalty …
... to act as a real deterrent for this particular company or others; the proper order of magnitude would be something that brings a company if not within an inch of its life then at least within a foot, the idea being that raking these in is not an option.
As the level where this happens while not resulting in an outright bankruptcy very much depends on circumstances, I'd suggest an alternate scheme where a company is forced to issue a substantial amount of new shares to be sold to the public with the proceeds going to government coffers: this should result in sufficient annoyance among existing shareholders to make a difference.
Another alternative could be a fine as a percentage of yearly revenue, to be garnered from profits before any are paid out; this would also work for companies other than LLCs, again without resulting in an immediate bankruptcy while hopefully getting the message through.
In any case, while repeat offenses should attract higher penalties, the initial one must be substantial enough to act as a deterrent in itself; a token fine like this essentially means a license to ignore regulation until caught (and while appeals drag through the courts, which is another problem, especially with well-heeled companies with the resources to make sure this takes ages; with this in mind a fine should perhaps be a fixed percentage of yearly revenue or the combined revenue for the period in which there was an active violation, whichever is higher, as an incentive to fix things while waiting for the final verdict).
1) the breached company shall issue 5% of its voting common stock to the affected parties (divided equally among them).
2) if the breached company is privately owned, 10% of its net worth shall be used instead of its common stock.
3) the company will pay all legal and accounting costs associated with the judgement.
4) the judgement will bar class action suits but allow suits for actual damage above and beyond the settlement.
I'd love to see Zuck have to eat a $45b fine for his next data breach.