Here we see people clamoring for government regulation of tech issues after numerous stories on that same government's lack of understanding of tech issues. Really?
If the banks charge the retailer that suffered the breach for the damages resulting from the breach, then only the offenders suffer rather than making everyone suffer under onerous and ill-conceived regulations. Not to mention that charging for the damages from a breach means the punishment will actually fit the crime. Further, punishing a single guilty retailer for a breach means the customers can go to another retailer that is not having to raise prices to cover a breach fine, which is even more incentive for a company to protect against a breach in the first place.
And all this takes place without the need for 2000 pages of regulation that nobody will be able to understand and no risk of unintended consequences resulting from it that nobody can fix because of the same gridlock the article summary complains about.
It's like that scene in Kill Bill where Budd's manager tells him that "fucking with your cash is the only thing you kids seem to understand."