While I was away, I saw this interesting poll in USA Today (12/28/06). Over 100 security professionals were asked, "How should companies that expose confidential data be penalized?"
Here are the results:
- 48% -- Make the CEO's private information public
- 26% -- Criminal fines
- 24% -- Civil fines
- 2% -- No penalty necessary
Half (!) of the respondents supported an "eye-for-an-eye" type of justice. This has interesting implications in the medical world ("Doctor, you released my colonoscopy results so we're now going to publish yours on the web...").
Finally, remember this was a poll of security professionals -- just imagine what a poll of patients might find...