> The proposals include encrypting data so it cannot be accessed, even if leaked, and requiring compliance checks to ensure networks meet cybersecurity rules.
This didn’t sound like much to be honest. If your company needs to be told in 2025 to encrypt your data, the company should be shut down.
There need to be fines and jail time for breaches, along with audits that go far deeper than typical certifications where auditors just rely on evidence a company volunteers. And also there should be required disclosure of what was leaked for each individual - retroactively - since companies like United / Change refuse to tell patients what info of theirs was stolen (same with other healthcare breaches recently). Oh and compensation for each incident to patients - this should be standard for any breach in any industry.