Karl Bode, Techdirt:
A lack of any meaningful US privacy law for the internet era means there’s repeatedly no real punishment for companies that fail to secure the vast troves of data they’re now collecting on your every waking moment. Nor is there any real compensation for consumers who may not have wanted this data collected, stored, and sold to every nitwit with a nickel. There are so many points of failure here — from corporations that treat privacy and security as an afterthought to captured regulators too feckless to do anything about it — that focusing too extensively on national security risks us learning absolutely nothing from the experience.
The key thing to be learned from this saga is not that spies are seeking extremely high-profile targets, nor that U.S. companies’ security policies are ill-equipped to keep them out. It is that there is no reason that this cannot happen again because Equifax has no incentive or obligation to change, but neither does any other company operating in a oligopoly, or any of the thousands of companies that few people have heard of despite them vacuuming up every detail of our electronic lives.