I am not a lawyer so we'll have to ask @sblackmer but I think the answer is simply that you, the Identity Owner, have breached a contract and are liable for damages. Who and how we enforce are open questions, but IMHO the main purpose of the Identity Owner Agreement is to ensure that Identity Owners have this minimal set of duties and that enforcement is possible where needed.
Absolutely—I plan on adding a requirement that the Sovrin Foundation host this permanent reference and all Trust Anchors link to it.
Again, right on. Now here's a nice thought: as soon as we have Sovrin agents providing secure private comms channels to their Identity Owners, any required notices can be delivered that way. Not just by us, the Sovrin Foundation, but by any organizational agent in the network who needs secure, private delivery of regulatory notices with automatic lifetime change-of-address built in!
I am writing them in there today.
Good point. Agreed and done.