[king07828]

As the Devil's Advocate, one can argue that the fraud was perpetrated at the peon level of the loan originators, who originated loans to people that could not afford the loans. The executives hands were washed clean by the ratings agencies that gave out AAA ratings. Those high ratings were "reasonable" because the loans were consolidated into CDOs and the top traunche(s) of the CDOs can handle a few missed payments from some of the debtors. In hindsight, many of those products probably should not have been AAA rated (especially ones that consolidated lower traunches of other CDOs). If there was a law that stated that ratings agency executives go to jail when AAA rated products fail (i.e., make them strictly liable for top rated products instead of relying on reputation alone), those executives would likely pay better attention to which products get AAA ratings. Looking back, there was no such law and the ratings agencies were free to give out improper ratings backed by their reputations.

Skipping back to private consumer data, a law that clearly states that executives go to jail when there is a breach of private consumer data would likely increase the chances that the executives will pay better attention to what data is collected, how data is stored, and how data is protected.

Tangential topic: an interesting regulatory idea would be to have mandatory jail time for all executives (and board members) of a company of a minimum size that is successfully sued in a class action for more than X dollars. Make it strictly liable so that no direct knowledge is required to convict so as to punish executives who allow their companies to harm the public. If an executive allows their company to harm the public, then that person is not fit to serve as an executive.