Companies should definitely be fined if they fail to notify customers. If companies store consumer's data, they become responsible for keeping that data private. Whether that data be address or sensitive billing information. More often than not, these data breaches occur because the company has failed to define and/or enforce proper IT Security protocols. Failing to enact those policies, let alone failing to notify customers when that data is lost is pure negligence and should be held accountable.