Will companies start being held legally and financially accountable for sweeping data breaches under the rug? 

Clearly, something must be done. We just need a version of the Data Security and Breach Notification Act that can be agreed upon by legislation.