The Daily Swig Web security digest

Executives face jail time under new breach disclosure legislation

James Walker | 04 December 2017 at 14:58

Measure calls for up to five years in prison for knowingly concealing hacks.

Following the massive Equifax breach that threatened the private information of more than 145 million Americans, three senators have tabled new legislation that would impose new criminal penalties on executives who deliberately conceal breaches.

Last week, Senators Tammy Baldwin, Bill Nelson, and Richard Blumenthal introduced a new bill that would require companies to notify consumers of data breaches within 30 days, and make it a crime punishable by as much as five years in prison for knowingly concealing them.

“The recent data breaches, from Uber to Equifax, will have profound, long-lasting impacts on the integrity of many Americans’ identities and finances, and it is simply unacceptable that millions of them may still not know that they are at risk, nor understand what they can and should do to help limit the potential damage,” said Senator Baldwin.

“The Senate needs to take action to hold these companies accountable and require them to notify affected consumers when their personal information has been breached. This legislation will make sure we are doing right by consumers.”

In addition to requiring companies to warn consumers of breaches, the legislation also directs the Federal Trade Commission to develop security standards to help businesses protect consumers’ personal and financial data and provide incentives to companies who adopt new technologies that make consumer data unusable if stolen during a breach.

If ratified, the bill would herald significant change to US data laws. Currently, 48 states have data breach notification regulations – the intricacies of which vary from state to state.