
Solution to the Equifax debacle:

1) If the value of the individual damages related to this breach is in excess of the market cap of the Equifax company, all company stock should be seized and distributed equally among those affected by the breach.

2) In the future, if a company controls this amount of sensitive data, they should have mandatory breach insurance. This means that they are covered for a government-mandated amount based on the legal liability if all their data was lost. This will mean that the insurers will do in-depth audits of the data security of the company, and they will be incentivized year-to-year to ensure their security practices are top notch. The present system incentivizes each CEO to have a head-in-the-sand approach to data security where a hack is considered a long-tail event unlikely to happen during the CEO's 3-5 year tenure and therefore is not really worth paying attention to. In addition, it would ensure that if the potential damage done if data is leaked exceeds the value of the business storing the data, the insurance will be prohibitively expensive and the company will not be able to continue with this line of business - as it should be.



1) Stock seizure would kill the market. No one wants to invest in a company if the company stock can get yanked anytime. Also, a share of stock is worth what someone will pay me for it (i.e. when I want to convert that stock to cash). Who will buy this from me if all of a sudden a bunch of people will take the J.G. Wentworth option and cash out now?

2) I absolutely agree with the insurance companies being on the hook. They alone will drive insurance rates that are through the roof if the company can't prove pen-testing, employee background checks etc... Unfortunately, the key to making the insurance company care is setting a high standard for breach victim payouts, i.e. if it only ends up costing an average of $0.10 per individual victim, I don't need to insure Equifax for that much?


I don’t understand how that would work, do you mean liquidate the company? If you mean actually take the shares from shareholders, wouldn’t the value of the stock go to near zero? Who would buy stock that could do that? But I agree with the general idea: they should go out of business and whatever they have should be sold to reimburse people affected.


I wonder if the Feds could simply seize the company and issue treasury bonds to shareholders to cover the costs of their stake at the market's price. Eminent domain, or whatever legal term is Latin for "we have the guns."

Then, yeah, liquidate everything and distribute the proceeds amongst the victims. It would be expensive, but...so what? The budget is $2T, and if the fine vastly outweighs the value of the company, then it is clearly a grave situation that demands an unusual response.

Maybe they could actually issue a realistic fine, and let the company deal with it. But the company would probably just distribute any remaining assets amongst their executives, fire everyone, and declare bankruptcy or something.


> issue treasury bonds to shareholders

who aren't members of the board


There's really no reason to exclude board members other than spite. If you're going to fine them then just fine them.


Okay, their fine is the value of their stock/options in the company. I think companies would care more about security if the board members were the ones we make examples of in cases like this.


Yeah, they'd obviously have to issue a different sort of bonds for the board.


The situation would be massive liability, so you'd probably go into bankruptcy proceedings.



