You might not like this law (and I'm agnostic on it) but I think the principle that individuals should be held accountable when laws are broken is important. Otherwise we just have token fines and corporate non-compliance because the risks don't outweigh the potential financial benefits.

I think people at Experian should have gone to jail, for example, for their incompetence and negligence in regards data breaches.