Latest in Gear

Image credit: Kevin Lamarque / Reuters

Proposed Senate bill could send execs who conceal breaches to jail

Similar legislation failed to pass in 2015.
327 Shares
Share
Tweet
Share
Save
Equifax Interim CEO Paulino Barros (L), former Equifax CEO Richard Smith (C) and former Yahoo Chief Executive Marissa Mayer testify before a Senate Commerce, Science and Transportation hearing on "Protecting Consumers in the Era of Major Data Breaches" on Capitol Hill in Washington, U.S., November 8, 2017. Kevin Lamarque / Reuters

A re-introduced Senate bill is addressing a timely topic, by making it a crime -- punishable by up to five years in prison -- if companies knowingly conceal a breach of customer information. After a slew of cyber attacks (like the one on Equifax) and news that Uber concealed a breach impacting some 57 million people, Sen. Bill Nelson, the ranking Democrat on the commerce committee, is reviving a bill he tried to pass during the last session called the "Data Security and Breach Notification Act (PDF)."

If it becomes law, then it would overrule the many statewide laws regulating breach notifications by establishing a nationwide standard. There's a requirement for companies to notify customers within 30 days, along with the potential criminal penalties. It also directs the FTC to develop standards businesses must follow if they collect customer information, like naming a person in charge of information security, establishing a process to identify vulnerabilities, have a process for the disposal of information, and other items in that vein.

In a statement, Nelson said "Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what's best for consumers, the choice is clear."

In 2015 Nelson's bill was one of several introduced to deal with the issue of protecting customers from these leaks and it's likely that it will again have company. Splits, mostly along party lines, over concerns of privacy, and potential over-regulation are some of the reasons legislation didn't pass then and could prevent that from happening again.

From around the web

ear iconeye icontext filevr