[azinman2]

That’s assuming you regulate a very specific thing versus the end goal. To me the appropriate regulation is to find a way to cause real harm to T-Mobile when they are breached. When repeated like this or if done through effectively negligence, then they shouldn’t be allowed to be in business anymore. We gotta stop the tiny fines.. jail, billions of dollars in fines, remove their business license… something large needs to happen. Once that’s in place, you won’t need specific regulations as the incentive structure will be there to do the right thing.

[phaedrus]

One way to do so would be to make it so wireless companies can lose access to spectrum as a consequence of customer data breaches. Let someone else who can keep customer data secure have it instead.

[fauigerzigerk]

Most countries only have three large mobile carriers. You can't take action against their actual operations because you would be running out of alternatives pretty soon plus you would cause huge disruption to customers.

I think financial penalties are still the best bet if they are large enough to really hit profitability but not large enough to kill the company.

[clintonb]

That ultimately hurts customers more than the data breach. Limiting access means less availability for customers. If all the customers leave, you’ve just contributed to a monopoly/oligopoly.

[azinman2]

Or reserve it for the next company that could pony up at a significant discount.

Look - too big to fail means we let too many companies merge. This isn't a healthy situation that losing T-Mobile means having no competition left. We should probably unwind some mergers first.