[popcorncowboy]

If the executive knew at all about the state of security or the potential risk of breach, then they are culpable and should be personally prosecuted.

The story HAS to be that if you, as an exec in power, know your company has deficient safety protocols regarding its care of toxic material, the breach of which is known to cause serious damage and harms, AND you do nothing: hello personal prosection, reaching right through the corporate veil.

Until we set this kind of legal precedent for the egregious disregard for the integrity of private and personal data, this is just going to keep happening.