2. There have been several incidents of data theft or loss involving personal information held by...

Its good to charge penalities for companies causing data breach and for those who are not able to protect the users personal information too and not only the data thieves.

The reasons to support are:

1. These data the user providing a company are their personal and important ones, it may include their personal phone numbers, thier bank account details and even their health information are provided for some purposes, so the data each company having about the user is very sensitive and needs great care .Because if its lost or leaked, its affecting the users existence. So the issue is a serious one and need to be punished by issueing penalities.
2. The users who are the victims of such breach will be very doubtful about other similar companies existence too, so such companies which cause data breach are serving as reasons of doubt and distrust by users on other similar companies. By this way other companies may also be affected in their business and customer trust. So its very important  to prevent such data loss and such offense should be punished in a hard way.
3. Not just the data thieves are the reasons for the data loss, its the company which is the main factor for the data breach, because its the company which is not ensuring the security of sensitive users data and due to this less security reason, the attackers attack the system data. So the companys should be charged penality so as to warn them to have high security systems for users sensitive data.
4. The data theft as well as data transfer to third party should be punished, because the companies trying to make profit by sharing the personal data of users to other third party companies or other countrys are also adding great risk to the personal data, because the third party can use these data for any purpose which is causing great threat to the users. So such attempts should be reported and penalitized in order to prevent any more such attempts by the companys.
5. The penalities imposed on the culprit company is great relief to the affected users of data loss. Whoever is fileing a claim on data loss can be compensated using this money obtained as the fine for their data loss, time and energy loss, loss of trust etc. So such penalities are of great use for the affected users.
6. The penalities imposed may often lead the company to bankruptcy which is a lesson for all other companies planning to make illegal profit through user data share or for companies using very weak security methods to store the personal details. The penalities mean that the company should not enjoy the profit it made through even good ways because, they have done great mistake playing with users sensitive personal data.
7. The fines imposed or the punishment given will be another teaching module or lesson which teaches the company fined and all other companies working with personal data that, its the users who are important and not the momentarily profits. Also it teaches that profit through bad means is destroying and the trust of users through good and sincere ways is persistant.
8. The act of government imposing fines and punishing the attackers are also helping to create trust in the people's mind about the government. That is there is the Government and Law always for the people in all their difficult times.
9. This method also helps the people to come out of their believe that goverment is only for the corporates. Its not true, the Government is for the people, by the people & with the people.
10. This act of the law also warns the attackers not to attack on the data any more and not only data attacks, no more offenses should be attempted by them.