Three U.S. Senators have introduced a bill that would require jail time for corporate executives who do not notify consumers of a breach within 30 days.
The Data Security and Breach Notification Act was introduced by Sens. Bill Nelson, D-FL., Richard Blumenthal, D-CT., and Tammy Baldwin, D-WI., Nelson introduced similar legislation last year, will require quick notification of breaches and impose new penalties for the executive of any companies that withhold such information from the public. If the news of a breach is not released within 30 days the executives in charge could face up to five years in jail.
“We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers,” Nelson said, who is the ranking member of the Senate Commerce Committee.
The bill also requires that the Federal Trade Commission create strict standards business will have to follow to protect personal and financial data. In addition, the legislation incorporates a carrot and stick approach providing incentives to companies that adopt any technology that will make consumer data unusable if compromised.
The introduction of was spurred by the recent revelation that Uber executives had not only withheld such information regarding a breach that affected 57 million of its customers and drivers, but paid the attacker $100,000 to destroy the stolen data.
“The recent data breaches, from Uber to Equifax, will have profound, long-lasting impacts on the integrity of many Americans' identities and finances, and it is simply unacceptable that millions of them may still not know that they are at risk, nor understand what they can and should do to help limit the potential damage,” Baldwin said.