What I find particularly annoying in this kind of hearing is the condescending tone of the politicians. They are eager to put the blame on someone else when they are ultimately the ones who vote the laws.
You're not wrong, but on the flipside... do we really want them sitting around all the time thinking up laws they can enact to prevent every possible wrongdoing in society? It's a reasonable expectation that people self-govern with some morality and ethics and not look for every possible way to advance at the expense of someone else.
Company (mis)handling of user information is not exactly a new, one-off problem that came up just this one time. I would argue it's the exact problem they should be trying to curb with legislation, except for the fact they'll undoubtedly get it wrong since they'll look to "industry experts" like Mark Z for guidance.