Measure calls for up to five years in prison for knowingly concealing breaches
WASHINGTON, D.C. – U.S. Senator Tammy Baldwin, a member of the Senate Commerce Committee, joined Senators Bill Nelson (D-FL) and Richard Blumenthal (D-CT) to file legislation Thursday that would require companies to quickly notify consumers of data breaches and impose new criminal penalties for corporate personnel who deliberately conceal breaches.
“The recent data breaches, from Uber to Equifax, will have profound, long-lasting impacts on the integrity of many Americans’ identities and finances, and it is simply unacceptable that millions of them may still not know that they are at risk, nor understand what they can and should do to help limit the potential damage,” said Senator Baldwin. “At a recent Commerce Committee hearing, I asked Equifax executives point blank if they were going to notify every single American affected by the massive data breach that their personal information was hacked. I did not get a straight answer and that’s not acceptable. The Senate needs to take action to hold these companies accountable and require them to notify affected consumers when their personal information has been breached. This legislation will make sure we are doing right by consumers.”
The renewed push for congressional action comes on the heels of Uber’s disclosure last week that it concealed from drivers and customers a 2016 data breach affecting 57 million accounts.
The legislation would require companies to notify consumers of data breaches within 30 days and make it a crime punishable by as much as five years in prison for knowingly concealing them, among other things.
In addition to requiring companies to warn consumers of breaches and imposing jail time for keeping them secret, the legislation also directs the Federal Trade Commission (FTC) to develop security standards to help businesses protect consumers' personal and financial data and provide incentives to businesses who adopt new technologies that make consumer data unusable or unreadable if stolen during a breach.
Click here for a copy of the legislation the lawmakers filed today.
Following a massive Equifax data breach that threatened the sensitive, private information of more than 145 million Americans, Senator Baldwin called for a hearing before the Senate Commerce Committee where executives from the company took questions from Senator Baldwin and others on the committee.
Senator Baldwin sent a letter to the CEO of Equifax after the hearing calling on him to provide direct notice to each and every American consumer impacted by the data breach.