by sailingparrot 2524 days ago
> I don't think I agree with Facebook getting a bigger fine than Equifax.

The issue is Equifax not being fined adequately. Let's maybe not use that as the bar?

2 comments

I don't disagree and didn't mean to imply that.
Are you assuming here that Equifax could absorb any size of fine?

Also, you seem to be OK with the idea that any company that gets hacked could be fined $5 billion. As being unhackable is an unachievable standard, that effectively means the FTC could bankrupt almost any company on a whim. That would be huge power in their hands and would not magically stop exploits from happening.

I think there's a big question about whether Equifax should have been fined at all. It would appear to either require mass inconsistency by regulators, or would put most US companies that rely on IT out of business.

I think you have a tendency of assuming a little bit too much about what others think based on 1 sentence.

> Are you assuming here that Equifax could absorb any size of fine?

Who said any size of fine would be appropriate? There is a lot of possible fine size between 500M$ and the max they could absorb.

> Also, you seem to be OK with the idea that any company that gets hacked could be fined $5 billion

Where did I say that? I am OK with Facebook getting fined 5B$ in this context, that doesn't tell you anything about other hacks and other companies. I am also a little bit reluctant to call Facebook's case a "hack".

> I think there's a big question about whether Equifax should have been fined at all. It would appear to either require mass inconsistency by regulators, or would put most US companies that rely on IT out of business.

You should maybe think outside of the tech bubble for one second? What you find apparently unthinkable is already in place in many other industries. Do you think there will be no repercussions for Boeing's crashes if they were caused by their carelessness? What do you think happens if an engineering company builds a bridge and it collapses because of a design mistake? Yet mistakes are human, right?

Private data is something that should be protected. It is not as important as human lives, but it is very important. If you build a business around handling users' private data, but can't be bothered to properly protect them, then yes you should get fined heavily or even put out of business.

And just like in engineering, there should be investigations into what happened to determine how much of it was pure carelessness and how much could not have been realistically prevented. In the case of Equifax, they didn't even bother applying security patches to their external-facing software.

The airline industry is heavily regulated and the software industry isn't. Will Boeing be punished if they're found to have made a mistake - politically it's an absolute certainty, legally I presume it'd depend on whether there was an element of knowing to it, or whether all parties genuinely believed they were doing the best thing for safety.

But despite how tempting it is to punish people who make mistakes, it's generally understood that incompetence is not illegal and should not be. Criminalising incompetence just makes everyone a criminal and hands absolute power to prosecutors and regulators: a scenario warned against many times by students of history.