Ideally there would be regulation that drastically limits the blast radius of such incidents. In a perfect world, these companies would not be allowed to hold on to private information and would simply operate as zero-knowledge networks in the same way that Internet carriers do (in theory at least).
Ok, but you still haven’t made an argument for why it would be better to spend a lot of effort designing a complex system of incentives and punishments for private companies rather than focusing on building a quality public service.
