Absolute liability, no excuses accepted
Betcha all a jelly donut that if the law imposed an absolute liability on Pfizer in favor of anyone whose personal data held by them was compromised, say to the tune of $10K each, all of a sudden you'd see senior management taking security truly seriously.
The modern corporate world understands nothing except money. Corporate heads will not take serious steps to abate security problems relating to personal data until they are suddenly hit with costs they can't dodge in the $100 million range. To add piquancy, sting, and bite, the law could provide that if the corporation is unable to pay, the officers and board members are personally liable as well.
Lessee...17,000 employees screwed over, at $10K each...aha! $170,000,000. That'll make them wake up and pay attention. Yeehaw!
And if it takes the bankruptcy of a few corporations and a gaggle of executives to get the point across, that's just the price society has to pay for smartening up the rest.