>We need to establish measures of accountability for data holders. Not securing customer data appropriately needs to be persecutable, and the affected parties need to be given a right for compensation.

The ultimate entity that could hold businesses accountable is the government but the government itself is careless with citizens' private data.

I underwent a government required background check to get a security clearance and my data was stolen: https://en.wikipedia.org/wiki/2015_Office_of_Personnel_Manag...

My "compensation" for my data being leaked was 1 year of free credit monitoring. But obviously, criminals interested in identity theft will continue their attacks after 1 year.

As far as persecution/prosecution, I suppose Katherine Archuleta, the director of OPM, and the CIO, Donna Seymour ... could have been put in prison as punishment instead of just resigning. I don't think that would change anything. There will still be future scenarios where governments want more collection of private data. Flock cameras, TSA airport scans, internet access age-verification face scans, etc.