I don’t disagree about the particular legal criteria leading to his conviction.
I’m saying that when you have severe data breaches then individual should be liable for gross negligence or malfeasance.
In Equifax that might end up on whoever cut security budgets to the bone rather than the hapless sysadmins.
Cambridge would be whoever started slurping - who ordered it & who did it.
Assumption of innocence: unless it is proven either negligent or intentional, person walks away. Don’t want the job of sysadmin to become exposed to spiteful scapegoating either in case of honest errors.
Look at medical, public transport operators, etc... for guidelines.
But it’s high time we make individuals liable - large data breaches, not this particular lowlife, can result in thousands, if not millions, being exposed to fraud. How much crime will that facilitate? Not particularly fond of filling up prisons, but at some point it becomes worthwhile to dissuade certain types of crimes or negligence by harsh penalties.
Think of it this way: why are we cheering this bozo getting 6 months and accepting a truly trivial monetary penance from Equifax?