> a lawsuit in state court to dissolve a corporation
Couldn't they just re-incorporate the next day in another jurisdiction.
Or it implies that the state can force them to sell all the assets, lay off all the workers, and return the money to creditors.
Well in either case, it is a nice fantasy. Doubt anything like that would happen. Even worse, after nothing happens, everyone who deals with such data will watch and learn a valuable lesson - "Don't bother with security or data protection much, just hire a PR firm and wait for online news to cool down for a month, then continue as usual".
Look at their stock https://finance.google.com/finance?q=NYSE:EFX was $140, crashed to $100 then recovering, now at $110. Only 20% down or so. And that's after losing SSN, names, addresses, etc for large chunk of the US population.
In most states, when a corporation is dissolved, there's a period of time for creditors to submit claims, and then those claims are paid out, and then any remaining assets are distributed to company owners (shareholders).
I don't think there's a good legal framework for forcing a company into dissolution, because the normal path is for assets to be distributed to the shareholders, and if the shareholders didn't want do dissolve the company, they could presumably take those assets and continue the company's operations.
I love the idea of a "corporate death penalty", but I am not sure how it would work under extant law. Maybe some sort of special "bankruptcy with prejudice", where a company would be prevented from reorganizing or restructuring such that it would be forced to sell itself for scrap in order to pay off a class action judgement? That might do the job.
It's really a shitty hack, though. The real solution is to make the undesirable conduct illegal, and ramp up both penalties and enforcement. Mostly enforcement, because the most effective way to deter criminality is to increase the chances that someone will get caught; increasing the penalty while still leaving the odds of getting caught low isn't nearly as compelling a disincentive (due to human cognitive biases around probability, from what I can tell).
The "corporate death penalty" is satisfying in the same way that the actual death penalty is -- it's not really about deterrence, it's social catharsis through ritualized violence. Which is fine, at least in the abstract; it's something that all societies do if you look hard enough, and I tend to think it's better to do it in the open. But it's a mistake to say that it's about deterrence.
We know how to do deterrence; in the context of business misbehavior, there are all sorts of profitable but illegal things that businesses just don't do, because there are regulatory and enforcement structures that make it a Bad Idea. That's how you do deterrence, but it requires a political consensus that the action really needs to stop.
Right now, I am not sure there is a political consensus that what Equifax did was wrong and that a new enforcement structure is needed to prevent a re-occurrence. There's perhaps an emerging popular consensus, but I am not sure that our government is in tune with that popular consensus on an actionable level yet. How to get Congress there is really the challenge.
For a "corporate death penalty" why would the state need to concern itself with the notion of shareholders to begin with? Loss of stake would merely be a part of the penalty. There's certainly precedent outside of the US for nationalization of corporate resources.
> There's certainly precedent outside of the US for nationalization of corporate resources
You can’t just take shareholders’ stuff because you don’t like what management did. More directly, protecting property rights is a cornerstone to our multi-century economic success.
Perhaps if shareholders lost or were at risk of losing their stuff, they’d take much more interest in what management did, and demand avoiding behaviors that would increase that risk.
It is bad for society when a corporation can engage in socially damaging activity, and then those involved—including shareholders who are profiting from the behavior—are insulated from experiencing the loss.
But you can forbid any government body to do business with them. And you can extend that by forbidding government bodies from doing business with any companies that in turn do business with the particular bad egg.
In case of Equifax, that would probably amount to a public execution.
That’s fine, and I think it should be encouraged. I also think they should be fined, held liable for money damages in court, and that their executives should be investigated with the potential of resulting in jail time. You have to find ways to take the money from the company, however, not directly from the shareholders.
that would be worse - the database of information isn't gone, but sold, to who knows where?!
I think instead of dissolving the corp, they have to be made responsible for the information they leaked out. Fines, or jail time for the executives, or something like that (as i don't believe there's a technical remedy for the lost information - it's already leaked).
Most states reserve the right to seize property involved in the commission of a crime. In this case, that could potentially include all their servers and data backups.
Holding officers of the company criminally & civilly liable seems like it would go further to solving the problem. If the CEO was worried about going to jail or being fined, he would have made sure the organization was a lot more focused on protecting individual data.
1) US government should cancel all contracts with Equifax,
2) US government should demand a list of all effected SSNs
3) US government should use pre-breach tax data to issue replacement SSNs to all affected and send Equifax the bill for doing this.
3) US governments should ask the courts to consider any use of a breached SSN on any credit issued after breach date to not be enough evidence alone for any credit recovery processing (basically nullifing any credit after the breach for an affected SSN without the Banks being more careful with regards to identity checks).
well nearly 30 class action lawsuits have been filed against Equifax... If they come out on the other side any other way but in a proverbial corporate coffin, it would truly be a miracle.
The thing to look out for, and call me paranoid if you wish, is now to "rectify" the problem, government or corporations (or both), now start to demand rfid biochip implants as a reliable means of authentication..... or transacting business.
It sure looked far fetched before the Equifax breach, now not so anymore.
Couldn't they just re-incorporate the next day in another jurisdiction.
Or it implies that the state can force them to sell all the assets, lay off all the workers, and return the money to creditors.
Well in either case, it is a nice fantasy. Doubt anything like that would happen. Even worse, after nothing happens, everyone who deals with such data will watch and learn a valuable lesson - "Don't bother with security or data protection much, just hire a PR firm and wait for online news to cool down for a month, then continue as usual".
Look at their stock https://finance.google.com/finance?q=NYSE:EFX was $140, crashed to $100 then recovering, now at $110. Only 20% down or so. And that's after losing SSN, names, addresses, etc for large chunk of the US population.