One of the reasons that big data breaches, such as the one at TJX, keep occurring, is that there aren't sufficient incentives in place for companies to take this issue seriously. The key then is to develop ways for companies to see value in data security, and to be properly punished for their carelessness. At this point, the government doesn't seem to be doing much on this account, and even if it tried to do something, there's no guarantee that it would be effective, since many government regulations fail to achieve their desired goals. Now, a group of New England banks have filed a lawsuit against TJX, in hopes of receiving compensation for their own expenses from dealing with the situation. Their complaint seems legitimate since it's known that the breach has contributed directly to fraud, which is something that the banks themselves have to combat. As one representative from the group put it, "Right now we've had major breaches from major retailers, and there's very little recourse and little incentive for them to change." While the tort system is often abused, it can be used by legitimately injured parties to get compensation. If the banks are successful in winning damages, it's likely to open up a new (and hopefully effective) avenue in punishing companies that mishandle their data.