Firms could face $20 million in fines for violating provisions of data breach bill

Under Blumenthal’s data breach bill, the Department of Justice (DoJ) would be given authority to dole out fines of $5,000 per violation per day, up to the $20 million maximum.

The legislation requires that companies implement a series of safeguards to protect sensitive personal information of consumers. Fines could be assessed based on a company’s failure to implement these safeguards. If the violation is found to be willful, an additional $5,000 per day could be tacked on by the DoJ.

A consumer who has been harmed by a data breach could seek damages in court of $10,000 per day, up to a maximum of $20 million per violation, as well as punitive damages on top of that.

The bill would require companies to provide data breach victims with two years of credit monitoring; a “security freeze” to allow consumers more control over who can access their credit information; and insurance against fraud or reimbursement for actual damages and costs incurred.

“My goal is to prevent and deter data breaches that put people at risk of identity theft and other serious harm both by helping protect consumers’ data before breaches occur, and by holding entities accountable when consumers’ personally identifiable information is compromised. Systems to safeguard such private personal information, and prompt notification in cases of breach, both should be required, along with consumer remedies to compensate for any harm”, Blumenthal said in introducing the legislation.
