No you misunderstand. The person handling data is not responsible. Their motivation to protect that data is found only in their desire to maintain a reputation and in their desire to stay in the good graces of the legal owner. If he gets angry, he doesn't have to face the legal consequences to the degree that an adult would. You want your provider, the person handling the data, to know the fear of the legal repercussions of immature actions. Immaturity is something he displayed here on page 1, and countless times over the years at WHT. Now we know he's immature and not legally liable, but he's the one handling the data.
You don't WANT to take legal action, you want to know that the person handling your data is legally liable to decrease the chance of you having to take legal action. Taking legal action means the damage of an unfortunate event is done, that situation is the one you want to avoid.
He is immature, he is running the company with no apparent constraints, he speaks and acts out of anger, and he is not legally liable in any significant way if he acts out. This is a BAD recipe.