Comment by egorfine
2 months ago
On an emotional level I feel the same way: I would love for the company that leaked my PII to die and for their CEO/CTO to be out of a job forever.
Practically I think that leaking data is inevitable. A junior developer absolutely WILL vibecode a piece of code with glaring security vulnerabilities. An experienced sysadmin WILL temporarily allow public access to the S3 bucket and then forget.
So if you make sure liabilities are covered by corporate assets and are uninsurable, you will soon find a world with no services.
I don't know what middle ground is possible to find here.