I used to think that the solution was that executives should be responsible legally for customer data kinda like executives are responsible for customer money in financial services accounts, but then, the government doesn't hold those turds responsible either and there are laws in that context already they are just not enforced except for cases where the big guys want a competitor taken out and use their bought and paid for government stooges to get it done.
Until the government isn't completely complicit in the rapine of customer information from domestic corporate networks for their own dubious and possibly evil purposes, they have no credibility to hold private executives to account.
Also, look at the security history of the legislative branch, a bunch of whom had some really sketchy foreign nationals running a small business looking after their IT while also perpetrating a variety of real estate scams and offshoring a bunch of cash to Pakistan...nothing to see here folks, move along.
Biting the hand that feeds IT
