Agreed value?
Can we not have an agreed value on personal information held by an employer or recognised institution, like a bank or the Govt?
It could form the basis of the penalty, payable to each victim, each time a breach occurred.
Or do all the kids these days not value privacy?