New Legislation Would Threaten Execs With Jail Over Data Breaches

Executives who intentionally conceal a security breach that involves personal data could face jail time under legislation soon to be filed by two veteran U.S. senators.
Two veteran U.S. Senators said Thursday that they would introduce a bill which would put business executives in harm's way when their companies stonewalled on data breaches.

Sen. Arlen Specter (R-Penn.) and Sen. Patrick Leahy (D-Vt.), the chairman and ranking member, respectively, of the Senate's Judiciary Committee, plan to include jail time for business leaders who intentionally conceal a security breach that involves personal data.

The bill is just the latest in reaction to the growing number of disclosures of data theft, loss, and illegal selling. The most recent -- and the largest to date -- involved 40 million credit card accounts.

"Insecure databases have become low-hanging fruit for hackers looking to steal identities and commit fraud during a time when we are seeing a troubling rise in organized rings that target personal data to sell in online," said Sen. Leahy in a statement.

The Leahy-Specter bill, the first to garner support from a Republican, would also put a stop to the buying and selling of Social Security numbers without owners' permission, bar government agencies from posting public records that contain Social Security numbers on the Internet, and require companies that hold personal data to create policies to protect the data as well as vet third-parties they hire to process that data.

Consumers would also be allowed to access the personal data profiles collected by "data brokers" -- such as ChoicePoint, Inc., a company that earlier this year admitted to selling data to criminals -- and correct any errors, just as they can now with their credit reports.

"This actually sounds like a bill that will do something," said Avivah Litan, research director at Gartner, and the research firm's resident expert on data and identity theft. "Mostly because it puts the CEOs on the hot seat."

The upcoming bill is the latest in a string from the Senate. Sen. Dianne Feinstein (D-Calif.), Sen. Charles Schumer (D-N.Y.), and Sen. Bill Nelson (D-Fla.) have all introduced legislation that tackle aspects of the data breach problem.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing