George V. Hulme writes:
Are regulatory and security breach fines protecting the consumer, or beginning to unduly drive security policy? As penalties begin to be levied against organizations who have been attacked, or employees violated data policy, some experts now question whether the government is penalizing one of the victims in a crime, rather than helping to mitigate the risk of identity theft — as the laws were first intended.
Read more on NetworkWorld.