tl;dr: When a Major Disaster happens to a company, a CEO who hasn’t taken every reasonable precaution should be liable for fraud.

From It’s Time for a Data Breach Warning Label

The recent breach at Equifax is instructive. This company, and others also in the same business, maintain databases of information on just about every person (in the US at least) who has applied for credit recently (within the last 7 years at least, AFAIK).

Based on the reporting, it appears that the company has been woefully negligent in protecting that information, probably for many years. By failing to follow best practices in protecting the consumers’ data, not just their customers’, but everybody who had done business with their customers, the company risked an enormous amount of value, not to mention subjecting millions of people to the risk of identity theft.

While they (and their customers) may believe they are protected by “forced arbitration clauses and class action bans”, written into contracts people have to sign just to apply for credit, they’re wrong (AFAIK). There is nothing to stop Congress from passing a law invalidating those clauses. This puts Equifax, and potentially all their counterparties, at risk of major class-action suits, major enough to put them out of business.

Now it turns out that the CEO, who is retiring from the credit reporting bureau, will be taking with him “as much as $90 million — or roughly 63 cents for every customer whose data was potentially exposed in its recent security breach.”

Equifax (efx, -0.38%) said Tuesday that as a condition of Smith’s retirement, he “irrevocably” forfeits any right to a bonus in 2017, an amount that under normal circumstances would have totaled more than $3 million — the bonus he received in 2016 — according to the company’s retirement policy.

But the CEO is still set to collect about $72 million this year alone (including nine months’ worth of his $1,450,000 salary), plus another $17.9 million over the next few years. That’s when the rest of Smith’s stock compensation hits a few important milestones or “vests,” allowing Smith to essentially put it in his bank account. Altogether, it adds up to a total potential paycheck of more than $90.1 million, according to Fortune’s calculations based on Equifax securities filings.

The problem is that he clearly failed to make sure best practices were followed, which almost certainly violates the terms of his employment contract.

It would seem to me that makes him guilty of fraud, for which he should be charged, and if guilty every penny he has, based on years of fraud, should be recovered and applied to correcting this mess. Of course, I am not a lawyer, and don’t know whether there are legal games that could protect him, technically make him not guilty of fraud.

But if such “protections” exist, it would behoove Congress to remove them. A CEO who subjects his employing company and its customers and other counterparties to such risks, over years, should (IMO) be considered guilty of fraud.

I doubt this country’s financial system can survive if such negligence isn’t properly punished. These people make huge annual salaries, they should be responsible for earning them. Not just in this case, but generally.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store