The solution seems simple: Stop blaming companies for things done by people who work there. Companies should not be their own judge jury and executioner nor be punished as a whole. Go after those who implemented things and those who ordered the implementation. Punishments should be small enough to still be in proportion with the offense and large enough to encourage others not to repeat the offense.
If someone doubts the legality of a request they should be obligated to report it internally to a member of a formal organization like lawyers and doctors have. Lose their title if they do not act on a report along with fines and prison sentences. Long prison sentences if they are new.
We pay the giant salaries to people with great responsibilities. Why would we shield them from responsibility? They should earn even more and have even more responsibilities.
It sounds like a blunt weapon but people are asked to do things that could have terrible implications all the time. With each data breach [for example] there was a dev who could have said no. It should have just enough personal implications to at least report it internally. If legal wants to stick their neck out for it personally the dev and their management are off the hook.
A few years back companies here were forbidden to pay speeding tickets for their employees. It was funny how some got a bill in stead of a pay check.
If someone doubts the legality of a request they should be obligated to report it internally to a member of a formal organization like lawyers and doctors have. Lose their title if they do not act on a report along with fines and prison sentences. Long prison sentences if they are new.
We pay the giant salaries to people with great responsibilities. Why would we shield them from responsibility? They should earn even more and have even more responsibilities.
It sounds like a blunt weapon but people are asked to do things that could have terrible implications all the time. With each data breach [for example] there was a dev who could have said no. It should have just enough personal implications to at least report it internally. If legal wants to stick their neck out for it personally the dev and their management are off the hook.
A few years back companies here were forbidden to pay speeding tickets for their employees. It was funny how some got a bill in stead of a pay check.