[K]eeping data secure is difficult, and Equifax is hardly the first company to let people down in this fashion. Also, it’s too soon to know how the breach happened, whether the company was negligent, and what kinds of additional defenses could have made a difference.
Um, you are wrong, subprime breath.
Let’s stop right there. By definition if you’re robbed the controls you have in place were inadequate to prevent the robbery. You were negligent. What the editors of Bloomberg are talking about is criminal negligence.
That’s why I’ve been arguing for strict liability. Equifax should be held responsible for the consequences of their actions and inactions whatever its managers’ intent and whether or not they were reckless. It also explains the math I’ve been citing: if every individual whose data has been exposed due to Equifax’s heedlessness is compensated for a single hour of remedial action and/or worry about it, that alone would be enough to break the company.
Think Takata and airbags.
[T]here are already plenty of laws on the books to deal with this situation. What is missing is the will to enforce them.
Isn’t that usually the case?