by JumpCrisscross 608 days ago
> law should be written to require a mandatory percentage of revenue. That will wake them up.

Percent-of-revenue fines are regressive with respect to margin.

10% of Walmart's revenue is 4 years' profits. 10% of Equifax's is a few quarters'. Moreover, you'd have a bureaucrats' delight of companies splitting revenues across entities while courts have to litigate common control claims. Unless you have a good reason to punish low-margin businesses more heavily than high-margin ones, this is an inefficient scheme.

Better: fines based on damages, trebled.


> Better: fines based on damages, trebled.

Except damages for data leaks are kind of hard to compute, since in practice they're $0 until some of the data is provably used to cause some non-$0 worth of damage down the line.

> damages for data leaks are kind of hard to compute, since in practice they're $0 until some of the data is provably used to cause some non-$0 worth of damage down the line

Through private action, yes. Use statute to define damages as a function of the number of people affected, the type of data released and whether the company self-reported or was caught, by the public or a regulator. Add enhancements if the company was reckless, if the data was out there for longer than a month, or if it was accessed by foreign adversaries.