by ebog 2476 days ago
Don't know why your comment is grayed; we absolutely need heavy monetary penalties for the worst kinds of data breaches. The abstract idea of a class action lawsuit isn't enough, even after the Equifax breach.
2 comments

Is there anything about how breaches are currently remediated that might contribute to better outcomes than if we adopted a higher and harsher penalty system?

It seems like it might create some perverse incentives as the risk escalates.

That's true. I'm sure that the perverse incentive could be resolved with some system for self-reporting and fixing.

Do you have a similar opinion with regard to crimes? Do you think that there will be less crime if there are harsher prison sentences? Are you in favor of mandatory minimum sentences?

If not, why do you think harsher punishments are needed here but not for crimes?

White collar crimes (like this should be) are all about making value calculations. Take the famous Ford Pinto memo. They decided the risk to their customers' lives was smaller (in terms of pure dollar amount, after potential litigation) than fixing the gas tank issue. If you penalize reckless security practices that lead to data breaches, companies will be far more inclined to look after their customers. We already issue fines like this with COPPA, so it's not a new concept.

Street crimes have a far different cause and should be treated differently. I'm surprised I even have to type that, it seems obvious.

Do you think there would be fewer murders or more if there was no punishment at all for murdering people?

That's where we are atm with security breaches.

If street crime had lesser penalties than the profit of said crime, yeah, I'd be pushing for harsher sentences, yes.

That's pretty exclusively the purview of white collar crime behind a corporation though.

Compared to effectively zero penalty, probably.