As much as we love to imprison people in the US... Maybe just make the expected value of cover up massively negative with fines as significant multiples of actual damage?
It's all Monopoly money to corporations. If there is no fear of an actual corporal punishment, then there is no personal skin in the game, so to speak. An executive who causes a corporation to be fined may worry about losing their job, but they'll be much more worried if the risk is going to prison.
And it's not that we love to imprison people in the US, it's that we love to imprison the wrong people.
>It's all Monopoly money to corporations. If there is no fear of an actual corporal punishment
The Swift Ban was as close to an economic death penalty as you can give a bank, we should do it more often to corporations, public or private, that act the fool
(Looking at you, China, with your manipulation of both CNH and CNY)
Surely you don't mean by this that they don't care about money. Isn't the cynical take normally that corporations are amoral money maximizing juggernauts? Why wouldn't they respond to adequate threats?
It's not that they don't care about money it's that they are less affected by loss.
Once someone earns about 10 million they can live for the rest of their life in a reasonable way without working again. So when you are an executive who has assets of 50 to 70 million and your stock, which was worth 10 mil is now worth 7 mil you aren't hurt that bad.
The company can they raise prices, cut quality, and fire people to reduce costs to make up for the fine. The stock might eventually even go higher than it was before.
What I mean is that executives value their personal livelihoods above money, though the two are often correlated. Therefore the punishment needs to strike at the core, their personal as opposed to financial freedom. "Big" fines for corporations have been around forever, I don't see them changing anything.
If someone makes a big deal out of never killing, and they do multiples of damage to that, some of which causes others to die of depression... then walk them out of their offices in handcuffs, one by one, until they're "nudged" to change their behavior.
I feel just as precarious as I did in 2008. (Moreso since I'm older, and don't have the clean slate young people do but don't have the savings others have on this site despite always trying to make the least wrong decisions I could... but if others don't opt in to giving me income, I can't invest it wisely, full stop.)
I dunno, we seem to issue fines a lot nowadays and the behavior doesn't change.
What even would the the expected value for a fine in this situation? It seems overly complex to calculate as I don't think even the FTC tried to put a value of the damages from the sale of the person information.
Fines or threat of jail time is just trying treating the symptoms. Bigger issue is that companies use SSN as a way to authenticate a user. Government should mandate only allowing SSN for tax identification purposes. Passwords need to go away and with webauth, we are almost there. The average person is re-using the same password across sites so it’s pointless protection.
An e-commerce store hack shouldn’t give hackers the data needed to access customers financial accounts.
It's not them who are the problem. Its financial institutions and other services that use SSN as way to verify a person. You should not be able to setup a cell phone plan by providing a name and a SSN. And credit reporting should not be tied to a SSN. It should just be used to submit tax information to the government and have no value beyond that.
> I dunno, we seem to issue fines a lot nowadays and the behavior doesn't change.
We issue fines, yes. We do not issue fines to an amount that would incentivize behavior change. Most fines from agencies like this, when I see them, tend to be in the <$10 range, when scaled to how "impactful" the fine would be against an average person's income. My father would call a fine that's less than $10 a "toll".
In this particular case, the fined entity is too small for me to know exactly, as I can't find their financials. But the amount doesn't smell large.
In some instances, I've seen agencies level $0 fines against corporations. Literally, all the agency demanded was "stop doing the bad thing, m'kay?"
>We issue fines, yes. We do not issue fines to an amount that would incentivize behavior change.
Who is we? The US?
I see many euros on HN tutting about lax regulation, but no one in the EU seem willing to actually enfore the GDPR and levy a corporate death penalty if their brothers across the pond won't do the needful.
(I'm eligible for an Italian passport Jus sanguinis, though I had intended not to look into it until late in life -- maybe I should abandon my American one, and immediately lobby for the above to my new elected representatives, since everyone I've met from the world of spooks seems to obstruct me out of fear I'll expose their illegal behavior rather than do their damn job well enough I wouldn't notice how they spend their free time.)
