SoftTalker 5 days ago

If we're OK with regulating SaaS companies (and anyone who connects their information systems to the internet) the way we do the airline industry, that may be an argument.

Bottom line though, a good many folks here would loudly resist that kind of oversight on their work and their businesses, and for somewhat valid reasons. Data breaches hardly ever cause hundreds of deaths in a violent fireball.

If the consequences of an airline crash were just some embarrassment and some inconvenience for the passengers, they would happen a lot more.

Also people almost never go to jail for airline crashes, even when they cause hundreds of deaths. We investigate them, and maybe issue new regulations, not to punish mistakes, but to try to eliminate the possibility of them happening again.

luckylion 5 days ago

> Data breaches hardly ever cause hundreds of deaths in a violent fireball.

Insurance people will be happy to tell you the price of the average citizen's life. Estimate the total cost to the economy, divide by the average citizen's life-value and you have the statistical deaths caused by this type of incident. Draw a fireball next to it for dramatic effect.

But generally, I don't think _every_ SaaS needs to be tightly regulated. But everyone that handles customer data needs to be. It would also very quickly make them stop hoovering up any data they can get their fingers on and instead would make them learn how to provide their services securely without even having access to the data, because having that data suddenly becomes a liability instead of an opportunity.

aaronmdjones 5 days ago

> We investigate them, and maybe issue new regulations, not to punish mistakes,

This is not quite accurate. In the US for example, the NTSB investigates the causes of an incident, and the FAA carries out any subsequent enforcement action. Whereas the NTSB may rule the cause as pilot error due to negligence for example, the FAA may revoke the pilot's license and/or prosecute them in a civil case to the tune of a hundred thousand dollars and/or refer them to the Department of Justice for criminal prosecution.

eptcyka 5 days ago

At some point, some US department figured that they can practically budget a human life to cost around 10 million dollars - I wonder if the total amount of lives lost in airline incidents would incur the same amount of money lost as all the fraud that takes place after data breaches like these.