Proposed data breach legislation could put executives in jail

Democratic senators have proposed data breach legislation that could lead to jail time for some executives who conceal breaches and fail to disclose them to consumers.

Democratic senators have re-introduced the Data Security and Breach Notification Act that proposes severe consequences for enterprise executives, including jail time, for failing to notify consumers of a breach.

The proposed data breach legislation would make the willful concealment of a breach a crime that is punishable by up to five years in prison. The bill also states that a "covered entity" must provide notification to users or customers within 30 days of the discovery of the breach unless a U.S. federal law enforcement or intelligence agency exempts the entity from informing the public. The data breach legislation also provides some wiggle room for the notification deadline in order for enterprises "to accurately identify affected consumers; to prevent further breach or unauthorized disclosures; or to reasonably restore the integrity of the data system," according to the bill.

"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," said Sen. Bill Nelson (D-FL), who sponsored the bill, in a statement. "Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what's best for consumers, the choice is clear."

Nelson's statement cited the 2016 Uber data breach, which was concealed by company officials and only recently made public. The breach exposed the names, email addresses and phone numbers for 57 million worldwide customers as well as the names and driver's license numbers of 600,000 U.S. drivers.

Nelson first introduced the Data Security and Breach Notification Act in 2015 and introduced another version of the bill last year as well. The current version is co-sponsored by Sen. Richard Blumenthal (D-CT) and Sen. Tammy Baldwin (D-WI).

The proposed data breach legislation includes a provision that requires the Federal Trade Commission to develop new information security standards for businesses to adhere to in order to prevent breaches.

A federal data breach law could potentially replace individual state laws such as California's SB-46 data breach notification statute. Enterprises, however, would still have to contend with the data breach notification laws in other countries, which in some cases are much stricter. For example, the European Union's General Data Protection Regulation will require companies to notify authorities of a data breach within 72 hours when the law goes into effect in May.

Are the penalties under the proposed Data Security and Breach Notification Act too harsh? Why or why not?
As long as any fines are proportionate to size and type of misconduct that will be acceptable, 4% does get executive attention! Only money-pain will change executive attitudes and behaviours towards data privacy. 

Fines that become back door finance for the supervising authorities are much less acceptable. 

GDPR is critical to protecting personal data, elsewise we are back to paper and post as identity theft renders online systems wide open to crime.