[alemanek]

Full liability for secondary harms caused by the leak of data that wasn’t directly required to provide a service to those same end users. Selling of data to third parties doesn’t transfer this liability but expands it to include any leaks or misuse coming from the entities the data is sold to. No statute of limitations.

So if company X sells data to company Y and then Y sells to company Z then company X has full liability for leaks or misuse from all entities in the chain.

No more free credit monitoring. Banks, credit card companies, and end users get to directly sue these companies. May not completely solve it but you can try to make it so expensive to mine data you don’t truly need that it ends the whole industry.

I am sure there are holes in this but we can at least try to kill the data brokers and bad actors.

[_heimdall]

We don't need more laws to solve this if your concern is a more harsh punishment for data leaks, we need to remove existing laws that limit the damages a company can be liable for and we need consumers that care enough to sue when they are harmed.

[alemanek]

That is what I am saying above. Full liability for the data stored and shared with others. Transitive liability would need to be a new law though as I don’t believe that currently exists.

EDIT: forgot to mention consumers don’t need to care much for this to be effective. If there are damages to be had law firms are incentivized to file class action lawsuits and recruit affected customers. So, there is an incentivized actor within this framework to do the leg work to get a big payday.

[_heimdall]

> Transitive liability would need to be a new law though as I don’t believe that currently exists.

That likely would end up just being case law rather than legislation. Meaning, a lawsuit can be filed for it today and its up to the courts to decide if that liability is reasonable.