by exogenousdata 624 days ago
Simple answer: Jail

Any company that accesses/uses Personally Identifiable Information (PII) must register a “PII Czar” with the proper authorities. That person (or persons, depending on the size/scope of the PII data) can be held criminally liable in the event of a data breach.

If a jury finds that the PII Czar enacted the correct policies/procedures & took the right precautions, a jury could find them innocent. But if there was willful or negligent handling at the company, the PII Czar goes to jail.

In the US, one of the big lies told at the corporate level is that no one ever sees jail time because the regulators are too underfunded in comparison with large companies. What’s necessary is clear personal ownership of PII and criminal liability in the event of a data breach.


"Don't you need a chairman?" Funt asked.

"What chairman?" Bender exclaimed.

"An official one - in a word, the chief of the establishment."

"I am the chief myself."

"In other words, you expect to do time yourself? Why didn't you say so in the first place? Why did you take up two hours of my valuable time?"

The old man in the Passover trousers became exceedingly angry, foamed at the mouth, fumed, emitted explosive noises, but the pauses between his sentences did not diminish.

"I am Funt!" he said emphatically. "I am ninety years old! All my life I've done time for others! Such is my profession - to suffer for others!"

"Oh, so you're a professional figure-head!"

"Yes," said the old man, tossing his head boastfully. "I am Substitute-chairman Funt! I've always done time. At the time of Alexander the Second, the Liberator, at the time of Alexander the Third, the Peacemaker, at the time of Nicholas the Second, the Bloody." And the old man slowly bent back his fingers, counting the tsars. "At the time of Kerensky I also did time. At the time of Military Communism, I did no time, to tell the truth, because clean business disappeared and there was no work for me. But how I did time in the days of the NEP! How I did time in the days of the NEP! Those were the best days of my life..."

Ilya Ilf and Eugene Petrov, The Little Golden Calf. https://archive.org/details/littlegoldencalf0000unse

I hate the double standard where a low level employee can be fired and blacklisted for a black swan mistake, but systemic mistakes get the top levels golden parachutes. So no luxury prisons for execs, either.

Data Fiduciary Duty - you have to use the data you have in the best interest of your client (which isn't allowed to be the advertisers that want the data, nope!), and if that means deleting what isn't necessary, so much the better.

Also, forced arbitration isn't allowed and class action lawsuits result in more than a reward of $3.97 paid five years later with a free year of credit monitoring thrown in.