Proposed Senate bill could send execs who conceal breaches to jail
A re-introduced Senate bill is addressing a timely topic, by making it a crime — punishable by up to five years in prison — if companies knowingly conceal a breach of customer information. After a slew of cyber attacks (like the one on Equifax) and news that Uber concealed a breach impacting some 57 million people, Sen. Bill Nelson, the ranking Democrat on the commerce committee, is reviving a bill he tried to pass during the last session called the “Data Security and Breach Notification Act (PDF).”
If it becomes law, then it would overrule the many statewide laws regulating breach notifications by establishing a nationwide standard. There’s a requirement for companies to notify customers within 30 days, along with the potential criminal penalties. It also directs the FTC to develop standards businesses must follow if they collect customer information, like naming a person in charge of information security, establishing a process to identify vulnerabilities, have a process for the disposal of information, and other items in that vein.
In a statement, Nelson said “Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what’s best for consumers, the choice is clear.”
In 2015 Nelson’s bill was one of several introduced to deal with the issue of protecting customers from these leaks and it’s likely that it will again have company. Splits, mostly along party lines, over concerns of privacy, and potential over-regulation are some of the reasons legislation didn’t pass then and could prevent that from happening again.
Source: Senator Bill Nelson, Data Security and Breach Notification Act (PDF)