• Telorand
    1 month ago

    Oversight: I would add a mandatory security audit annually, that they have to pay for, and which occurs during a given quarter at random (so you can’t “put on your best face” for a single day).

    The security audit cost is partially subsidized if they agree to a second audit 6-9 months after the first (tax funded).

    Accountability: I would add prison time as a minimum penalty for the CEO and CIO, and the punitive damages must be a percentage of their profits (no flat rates), which is in addition to any compensatory damages awarded to plaintiffs. The penalty shall be used to help pay for future audits.