I feel there is one glaringly incorrect assumption in this article: The idea that "Law" or another "agency" can rectify the issues involving Internet/Information security in the US OR the world.
One easily identifiable example of this failure of both law and agencies involves HEALTHCARE prices (and the industry) within the US---I'm sure all would agree that yearly price increases, that exceed market growth, is and will continue to be a major problem very soon. We hear about issues with price and affordability on a continuous and regular basis---so much that it's become a major political topic. We've been provided with two general solutions: Socializing the healthcare system OR somehow forcing competition. Both of these methods require a myriad of additional 'law' and increased 'government' involvement in the daily lives of its Citizenry.
Learn about the Centers for Medicare & Medicaid Services' (CMS) accessibility and nondiscrimination policies. Learn how to file a complaint if you believe you've been subjected to discrimination in a CMS program or activity. CMS programs, benefits, services, facilities, information, and technology meet Sections 504 and 508 of the Rehabilitation Act of 1973.
Affordable Care Act | Assignment Essays
There are plenty of existing methodologies and frameworks out there that do exactly that. What you need is a proper incentive for companies to adopt them, as well as an affordable, internationally accepted QC label, audit for which as @Figureitout already suggested should in some way either be tax-deductible or providing other benefits as not to favour the big players only.