[Deimorz]

Because fines like this are often more about sending a message to the entire industry than simply about reimbursing damage. It's saying, "make sure you take security seriously, or you're risking us taking X% of your revenue/value".

If you don't do it this way, you end up in a situation similar to speeding tickets: well-off people don't care at all (and are even probably more annoyed about having their drive interrupted than the actual fine), but it can mean a poor person has to skip meals to recover. If the goal is discouraging a certain type of behavior overall, it has to hurt violators comparably, no matter their wealth.

[pmiller2]

> It's saying, "make sure you take security seriously, or you're risking us taking X% of your revenue/value".

I would believe that if these companies didn't just keep doing what they were doing anyway. Losing a percentage of revenue or profit for one year does nothing to deter them! We need to reinstate the corporate death penalty. Equifax deserves to die for its negligence, IMO.

[Deimorz]

I agree with you; the fines are much too small. But the point is that they're too small for both Equifax and Facebook. Facebook's stock even went up because it was only a $5B fine!

The only way things will change is if the fines hurt more, but it needs to hurt the huge companies just as much as the small ones, otherwise it ends up just being another factor that helps keep the already-dominant companies at the top.

[maccard]

Do you really believe that Facebook's stock went up because they "only" got a $5B fine?

Facebook's stock went up because they had a pending fine, and the value of the fine was announced, reducing uncertainty. Put another way, would you buy a car that has an unknown repair bill for the same price as a car you know how much it's going to cost to fix?

[MisterBastahrd]

"You don't get to exist if you screw up that badly" is a great way to send a message to an industry. Sorry, but Equifax is in a position to be a gatekeeper for data of people who haven't asked or given direct permission for them to have it. They should have gotten the death penalty as a corporation and their remaining data should have been seized.