Hacker News
by DannyBee 725 days ago
"One of these days, some seasoned and principled lawyer, who knows a bit about tech, is going to get ticked off, and decide to make one of these companies truly pay for their gross negligence."

Principled lawyer who knows about tech here: This won't happen.

1. It's probably not gross negligence - gross negligence is an extreme departure from ordinary standards of care - the ordinary standard here seems to be to suck at security :)

Legislation could establish a standard of care here and make this kind of thing gross negligence, but that hasn't really happened yet.

It's also not obvious they owe a duty of care to anyone in the first place, without which negligence is impossible (at least regular old negligence) - this also needs legislative fixing unless you want to end up arguing about it forever.

2. Damages are basically all speculative - what is your actual injury here, and how much can you prove the value of it? Lots of people on HN love to say how much X or Y is worth. What can you actually prove in terms of real loss?

It's fun to argue speculative loss (i.e., the value of your personal information maybe being stolen in the future, etc.), but most cases are about real loss.

In practice where it's too hard to calculate we often end up with statutorily set damages. That also hasn't happened here.

Sorry to burst your bubble - without a bunch of legislation here, nothing is going to happen outside of the regular old class action lawsuits and $5 coupons.

1 comment

> 1. It's probably not gross negligence - gross negligence is an extreme departure from ordinary standards of care - the ordinary standard here seems to be to suck at security :)

How hard is it to find a single company that does it right to testify? And then the defense would have to find experts and several other legal counsels from similarly sized companies willing to testify that they also "do it wrong as a norm", with the extremely high risk of being included in the malpractice claim if the defense fails.

That single company will be setting an extra-ordinary standard, so that doesn't help you.

Not if you frame it as "look at this randomly selected company's pretty standard security practices"...

If you find a company with strong security, it won't be randomly selected.