thatattyguy

thatattyguy t1_jdys4qi wrote

Does it matter in your mind whether these fines and consent decrees actually deter bad actors from focusing on protection of consumer data over profit?

If breaking the law earns a company $200 million p/year, not breaking the law nets it only $100 million p/year, and the penalty for getting caught breaking the law is $10 million p/year, then it's just a tax by another name. It's the feds taking a taste via a garden-variety mobster protection scheme. "You break the law, you make a lot of money, you break us off our piece and we'll sanction the behavior on an ongoing basis."

At the higher end, with the larger corporations, its impact on behavior is likely somewhere between negligible-to-non-existent. The money is not enough to do more than subsidize on-going collection efforts.

The lesson here to private industry is to scale your criminality in order to reduce the impact of real civil world consequences. Though is it even "criminality" to protect consumer data as cheaply as possible while still being able to maintain the pretense of respectability? Especially when the payment of the fine seemingly washes away past transgressions, and no criminal charges are ever filed?

It doesn't feel satisfying, as a person whose data has been ripped more than once. Make the penalty big enough to bk the company. Put some teeth in it.

1