Hundreds of millions of people have already been negatively affected by these breaches, and there is no end in sight. Sadly, there are few meaningful repercussions for losing customer data. The markets don't seem to care about data breaches, presumably because, apart from "aw, shucks" apologies by the company, there's little other impact on the business.
This is where regulations need to catch up to technology -- quickly. We need to penalize companies that cause large-scale data breaches impacting millions of people. Before you argue otherwise, these companies do cause these breaches; they are not victims.
We need to declare personal data a private, regulated commodity. If companies are going to collect and maintain data on their customers that can be used by bad actors to steal money and the identities of those customers, they need to be held accountable in ways significant enough that the markets do care. Only then will we see actual change in the way that data is managed and secured.
Personally, I'm not a fan of regulations. In a perfect world we wouldn't need any because they too have a habit of being misused and heavily applied. One needs only to look at any ordinary HOA agreement to see evidence of that. However, there are always going to be people who lack the common sense or have enough financial motive to willingly dispense with basic smarts, and thereby cause disasters and tragedies that affect hundreds, thousands, or millions of people.
If extremely strict regulation and heavy financial and possibly criminal penalties are what it takes to prevent or reduce these massive data breaches, then so be it.