Executives attempting to conceal a breach could face up to five years in prison
U.S. Sen. Bill Nelson (D-FL), the top Democrat on the Senate Commerce Committee, filed legislation today to require companies to quickly notify consumers of a data breach and impose new criminal penalties for executives who try to deliberately conceal such a breach.
The move comes on the heels of Uber’s disclosure last week that it concealed from drivers and customers a 2016 data breach affecting 57 million accounts.
The legislation would, among other things, require companies to notify consumers of a data breach within 30 days and make it a crime – punishable by up to five years in prison – to knowingly conceal a breach.
“We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers,” said Nelson. “Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what’s best for consumers, the choice is clear.”
In addition to requiring that companies quickly notify consumers of a data breach and imposing lengthy jail time for those who try to cover one up, Nelson’s legislation directs the Federal Trade Commission (FTC) to develop strict security standards that businesses would be required to follow to better protect consumers’ personal and financial data. It also provides incentives to businesses that adopt new technologies that make consumer data unusable or unreadable if stolen during a breach.
Nelson introduced similar legislation in the Senate last year.
A copy of the bill filed today is available here.
And here’s a link to video of Nelson’s remarks at a Senate Commerce Committee hearing on this issue earlier this month.