I did not intend to say that we should go outside of the confines of the law here and lynch anyone. But I sincerely hope that our legal system has the power to punish gross negligence (I mean that in an everyday sense, not as a legal term) and that officials and CEO's can't get away with anything by just burying it under several levels of procurement. The company in question was obviously not competent enough to handle the data that they received, and it is gross negligence to take on this kind of project without doing a proper audit of their systems and methods. At the very least, their handling was against GDPR, which should result in fines.
Yet somehow, they ended up with the project. That is negligence on someone else's part. If you're hiring contractors to build a highway bridge, you should be held liable if you pick the local carpenter to do the job, just because they say they definitely know how to make it out of wood. I hope that the legal system can punish governmental officials and government contractors for handing off sensitive data to a party that isn't even aware of how incompetent they are, and that merely the procurement can be considered illegal.
If my hopes are not fulfilled, and one can indeed hand off all responsibility in a procurement process, then I instead hope we will see the law change in this regard.
As for people losing their jobs, I think that warrants no explanation.
Still, I agree: the issue isn't bad actors, the issue is the process, and it needs to be addressed. But part of a good system is not letting contractors getting away with bullshit, and making sure something is at stake when you take on a contract. If you can walk away from this wreckage without consequences, what's to stop you or anyone else from continuing to play fast-and-loose (which is usually the cheapest way to do things) with the public's data, raking in the payments and shrugging it off when things blow to pieces?
I understand I could have made that clearer, and I'll think about how to change my wording, or adding a footnote or something.