I don't want to start thinking of corporations as moral actors, like humans are. I just want them to be held legally culpable and made accountable when their behavior has negative consequences. The issue of morality is saved for humans.
Fortunately, companies can already be held accountable if their negligence exposes personal data in security breaches.
Likewise, individual members of the corporation can already be held both morally and legally responsible for their personal actions and negligence. That's enough for me, I don't need to try to shame legal constructs too.
Now, whether companies are actually held accountable in practice is a separate issue. Equifax certainly wasn't, not in any way that matters. The same could be said for morally culpable CEOs (or CISOs for that matter). But, that's a question of how the law is applied, not whether our moral stance should be changed.
Fortunately, companies can already be held accountable if their negligence exposes personal data in security breaches.
Likewise, individual members of the corporation can already be held both morally and legally responsible for their personal actions and negligence. That's enough for me, I don't need to try to shame legal constructs too.
Now, whether companies are actually held accountable in practice is a separate issue. Equifax certainly wasn't, not in any way that matters. The same could be said for morally culpable CEOs (or CISOs for that matter). But, that's a question of how the law is applied, not whether our moral stance should be changed.