by overfeed 106 days ago
> We need a law mandating the company pays at least $1k per exposed record per customer or absolutely nothing will change.

That won't change a single thing, except for shell-company shenanigans, more frequent bankruptcy proceedings, and the same people coming back trading under a new name and logo. A law sending people to prison may actually change things.

2 comments

"Oh you want to make a little start up to share recipes between friends or whatever? Aww, that's cute. Well, here's the OAuth spec and an incomplete list of footguns. I hope your grasp of elliptic curves is strong. Prison time if you fail."

The one and only consequence of laws that criminalise mistakes in handling of PII is to force everyone to externalise auth to the likes of Auth0. And you can bet your ass that if this ever happens, the likes of Auth0 will lobby like hell to never ever repeal or update those laws, being a vast corrupt funnel of business to them.

Congrats, you've created a new Intuit.

All those people have high-priced lawyers that will keep them out of prison. The DBA and the Data Engineer will be the ones who go to jail for "Not ensuring all applicable data security controls were configured, and enabled, to prevent the detection, collection, and modification of any and all data assets within the purview of Company X, all its holdings and subsidiaries."
force nationalization of the business for egregious cases.