I'm not sure that would do anything other than spur the companies to have an identity theft protection department.
I'd rather them give basic compensation to anyone with breached data (even if it is $10) in addition to covering the costs of anyone who had problems after the breach. The first year, I'd think it would be best if the consumer didn't have to prove it was their fault as that could be too much of a burden for folks.
I'd give an exception for companies that went over and above on their own security and still got breached. After all, security doesn't make one completely safe (much like places can still get robbed), simply less likely.
I'd rather them give basic compensation to anyone with breached data (even if it is $10) in addition to covering the costs of anyone who had problems after the breach. The first year, I'd think it would be best if the consumer didn't have to prove it was their fault as that could be too much of a burden for folks.
I'd give an exception for companies that went over and above on their own security and still got breached. After all, security doesn't make one completely safe (much like places can still get robbed), simply less likely.