
> So how does one draw the lines between bad luck, reasonable security problems, everyday poor performance, civil liability, and criminal negligence?

By analyzing how they prepared for the inevitable attack (mitigation), as well as how they respond to it after the fact.



(In the EU) companies are already required to tell where my personal data goes to. There is no specific fine for violations as far as I know though.

Essentially we need a price tag on personal data. Let's say $1 for each email and password leaked to an unknown number of entities. That would be a $114M incentive for Uber to keep their data secure.


> There is no specific fine for violations as far as I know though.

It's a shame this happened pre-GDPR because that has steep fines - 4% of worldwide revenue - which would be north of $260M going off their 2015 numbers. And that's assuming they get off with a single fine.


GDPR is pretty much the thing that will - if properly executed - mean the end of these things.

As a CEO, former engineer and customer I really hope this gets some serious traction. IMHO if you are making money from customers, it should be mandatory to follow compliance regulations and protect all data.


GDPR will come into effect in about half a year. Everyone is a sitting duck about exactly how to implement things. When this comes into effect, companies will take it seriously - the fine is astronomical if you fail.



