Re: No login details or authentication of any sort was needed to view and search the live system
Blaming and jailing the bosses means people in those positions take these problems seriously.
Fining doesnt work as they dont pay the fine. Firing doesnt work as they can quickly get a new job. Jail time for gross negligence, with a condition that it's not considered 'spent' for 10 years after the event, is something that's indelibly on their record.
Give protection to whistleblowers and try to protect people from false allegations or set-ups. Maybe have punishments increase as a function of time the system has been open and time between them being informed and acting on it.
But they need to get this right every single time. These systems should be installed only where they are so critically necessary, so well regulated and so well tested that teams of people will properly put their necks on the line to create and install them.