Senators Pushing for Tougher Data Breach Laws
Two Democratic senators, Elizabeth Warren of Massachusetts and Mark Warner of Virginia, have introduced a bill that would give the Federal Trade Commission (FTC) more power to investigate credit reporting agencies and levy fines against agencies that are breached by hackers.
If passed, the FTC can inspect companies, such as TransUnion, Experian, and Equifax, which was breached in 2017, to make sure they have proper security protocols in place. Credit reporting companies that earn more than $7 million a year in the sale of consumer information would have to share details with the FTC about their device management, network security, data encryption, and other cybersecurity practices.
If a breach does occur, the FTC could charge the company at least $100 per affected person. Half of those funds would be used as restitution to the affected consumers.
In the case of the Equifax breach, the company could have been charged at least $14.3 billion under this proposed law. However, since fines would be capped at 50% of the company’s gross annual revenue, Equifax would have been charged approximately $1.5 billion, according to the senators.
“Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax—and provides robust compensation for affected consumers—which will put money back into peoples’ pockets and help stop these kinds of breaches from happening again,” Warren said in a statement.
The proposed legislation would also charge companies an additional $50 per piece of personally identifiable information for each person, and fines could double if the credit reporting agency did not comply with federal data security standards or provide timely notification of the breach.