[Dataloss] CEOs deserve jail for data breaches

[Allen]

Jeff wrote:
> Putting a CEO in jail for a data breach would be ridiculous unless the
> person were directly responsible for releasing the protected information.
> Jails are already over crowded and this would not solve the problem.
> Generally, it's hard to find people more clueless about IT than a CEO! 

Which is why it would be *very* useful to jail them as an example to 
the rest to get a clue.

In addition, the laws of agency dictate that the buck stops at the 
CEO and if he/she hires clueless people who create structures 
subject to data breach, then *they* are the ultimately responsible 
party.

In an arson for hire, not only do the arsonists get charged, but 
also the person who hired them. Should they (as the CEO of the 
enterprise) go free because they are not directly responsible? I 
think not.

Best,

Allen

(Sorry for the very delayed response - the original post got 
mis-filed.)