Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Senate Dems Propose Jail Time for Execs for Concealing Breaches

Top Democrats on the Senate Commerce Committee have introduced legislation that would slap executives at breached companies with jail time for concealing a breach.

The bill, known as the Data Security and Breach Notification Act, follows in the wake of the Uber case—the ride-sharing giant suffered a breach affecting 57 million people more than a year ago, and paid the hackers $100,000 in hush money rather than disclose the situation. While 48 states have data breach notification laws, these vary by state; the Act would implement nationwide breach notification standards that would make repercussions for not reporting a hack uniform.

To wit: Anyone convicted of “intentionally and willfully” concealing a data breach would face fines and up to five years in prison. It also directs the Federal Trade Commission to establish security protocols around customer data for businesses, including incentives to implement encryption.

The legislation was introduced by Senator Bill Nelson (D-Fla) and co-sponsored by Senators Richard Blumenthal (D-Conn) and Tammy Baldwin (D-Wisc).

"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," Nelson said.

However, the Democrats have a minority in Congress—making the bill’s future uncertain, despite the clear consumer benefits that it would engender.

“The confusing patchwork of state disclosure laws ensures that a number of lawyers remain employed to interpret them,” said Tim Erlin, vice president of product management and strategy at Tripwire. “It’s an inefficient system, no doubt, but the US has failed to address it with a national breach disclosure law for years. While lawmakers may be shocked at Uber’s behavior, it’s unlikely that they’ll be shocked into meaningful action.”

He added, “Breach disclosure laws protect consumers and hurt corporations. It’s unlikely that a meaningful national disclosure law will get serious consideration from a Congress and White House that are clearly supportive of big business interests.”

Top Democrats on the Senate Commerce Committee have introduced legislation that would slap executives at breached companies with jail time for concealing a breach.

The bill, known as the Data Security and Breach Notification Act, follows in the wake of the Uber case—the ride-sharing giant suffered a breach affecting 57 million people more than a year ago, and paid the hackers $100,000 in hush money rather than disclose the situation. While 48 states have data breach notification laws, these vary by state; the Act would implement nationwide breach notification standards that would make repercussions for not reporting a hack uniform.

To wit: Anyone convicted of “intentionally and willfully” concealing a data breach would face fines and up to five years in prison. It also directs the Federal Trade Commission to establish security protocols around customer data for businesses, including incentives to implement encryption.

The legislation was introduced by Senator Bill Nelson (D-Fla) and co-sponsored by Senators Richard Blumenthal (D-Conn) and Tammy Baldwin (D-Wisc).

"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," Nelson said.

However, the Democrats have a minority in Congress—making the bill’s future uncertain, despite the clear consumer benefits that it would engender.

“The confusing patchwork of state disclosure laws ensures that a number of lawyers remain employed to interpret them,” said Tim Erlin, vice president of product management and strategy at Tripwire. “It’s an inefficient system, no doubt, but the US has failed to address it with a national breach disclosure law for years. While lawmakers may be shocked at Uber’s behavior, it’s unlikely that they’ll be shocked into meaningful action.”

He added, “Breach disclosure laws protect consumers and hurt corporations. It’s unlikely that a meaningful national disclosure law will get serious consideration from a congress and White House that are clearly supportive of big business interests.”

What’s Hot on Infosecurity Magazine?