Well, I'd rather see some good old-fashioned Torts for damages whenever customer data ends up leaking.
The standards for negligence are set way too low.
Since the system is too corrupt to reform that away without violence, this proposal is as good as its possible to get.
Totally hear you on that—holding orgs liable through Tort law would send a much-needed shockwave. But in practice, enforcement lags, and by the time damages are assessed, the real harm’s already done.
That’s why I think verifiable behavior-driven systems like what we’re proposing offer a preventative angle, not just punitive. If the system’s too corrupt to fix top-down, then incentivizing provable compliance from the bottom-up might be the only peaceful workaround we have left.
Not perfect—but at least it’s actionable.
