Democrats on the Senate Commerce Committee have introduced legislation that would result in jail time for companies who conceal a data breach.
This bill, known as the Data Security and Breach Notification Act, comes in the wake of the Uber scandal which revealed Uber concealed a breach impacting 57 million people by paying hackers $100 thousand in hush money to avoid disclosing the breach.
States across the U.S. have varying breach notification laws in place already, but this bill would implement nationwide notification standards that would make the consequences for not disclosing a breach uniform for all states.
The bill states that anyone convicted of ‘intentionally and willfully’ concealing a breach would face fines and up to five years in prison. This is a stark reminder for organizations willfully running poor security practices with weak breach prevention measures that the future could be unsettling.
The legislation was introduced by Senator Bill Nelson, who stated, “We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers.”
Read the article on InfoSecurity Magazine