Re: Any consequences?
A gazillion upvotes - it's the exact question I want to see answered.
That the rules have been breached has been rather abundantly clear for years, but as long as that only results in nothing more than the removal of biscuits in the boardroom you might as well stop pretending that rules matter. Oh, and don't bother with punishing the organisation, that's mere accounting.
Proposal: all those responsible lose any claim to privacy, are moved into glass prisons and are banned from using any encryption for the duration of their punishment, with traffic and communication logs publicly available on, say, Facebook. Just an idea.