New Legislation Would Threaten Execs With Jail Over Data Breaches
Executives who intentionally conceal a security breach that involves personal data could face jail time under legislation soon to be filed by two veteran U.S. senators.
Two veteran U.S. Senators said Thursday that they would introduce a bill which would put business executives in harm's way when their companies stonewalled on data breaches.
Sen. Arlen Specter (R-Penn.) and Sen. Patrick Leahy (D-Vt.), the chairman and ranking member, respectively, of the Senate's Judiciary Committee, plan to include jail time for business leaders who intentionally conceal a security breach that involves personal data.
The bill is just the latest in reaction to the growing number of disclosures of data theft, loss, and illegal selling. The most recent -- and the largest to date -- involved 40 million credit card accounts.
"Insecure databases have become low-hanging fruit for hackers looking to steal identities and commit fraud during a time when we are seeing a troubling rise in organized rings that target personal data to sell in online," said Sen. Leahy in a statement.
The Leahy-Specter bill, the first to garner support from a Republican, would also put a stop to the buying and selling of Social Security numbers without owners' permission, bar government agencies from posting public records that contain Social Security numbers on the Internet, and require companies that hold personal data to create policies to protect the data as well as vet third-parties they hire to process that data.
Consumers would also be allowed to access the personal data profiles collected by "data brokers" -- such as ChoicePoint, Inc., a company that earlier this year admitted to selling data to criminals -- and correct any errors, just as they can now with their credit reports.
"This actually sounds like a bill that will do something," said Avivah Litan, research director at Gartner, and the research firm's resident expert on data and identity theft. "Mostly because it puts the CEOs on the hot seat."
The upcoming bill is the latest in a string from the Senate. Sen. Dianne Feinstein (D-Calif.), Sen. Charles Schumer (D-N.Y.), and Sen. Bill Nelson (D-Fla.) have all introduced legislation that tackle aspects of the data breach problem.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?