New Legislation Would Threaten Execs With Jail Over Data Breaches - InformationWeek
02:00 PM

New Legislation Would Threaten Execs With Jail Over Data Breaches

Executives who intentionally conceal a security breach that involves personal data could face jail time under legislation soon to be filed by two veteran U.S. senators.

Two veteran U.S. Senators said Thursday that they would introduce a bill which would put business executives in harm's way when their companies stonewalled on data breaches.

Sen. Arlen Specter (R-Penn.) and Sen. Patrick Leahy (D-Vt.), the chairman and ranking member, respectively, of the Senate's Judiciary Committee, plan to include jail time for business leaders who intentionally conceal a security breach that involves personal data.

The bill is just the latest in reaction to the growing number of disclosures of data theft, loss, and illegal selling. The most recent -- and the largest to date -- involved 40 million credit card accounts.

"Insecure databases have become low-hanging fruit for hackers looking to steal identities and commit fraud during a time when we are seeing a troubling rise in organized rings that target personal data to sell in online," said Sen. Leahy in a statement.

The Leahy-Specter bill, the first to garner support from a Republican, would also put a stop to the buying and selling of Social Security numbers without owners' permission, bar government agencies from posting public records that contain Social Security numbers on the Internet, and require companies that hold personal data to create policies to protect the data as well as vet third-parties they hire to process that data.

Consumers would also be allowed to access the personal data profiles collected by "data brokers" -- such as ChoicePoint, Inc., a company that earlier this year admitted to selling data to criminals -- and correct any errors, just as they can now with their credit reports.

"This actually sounds like a bill that will do something," said Avivah Litan, research director at Gartner, and the research firm's resident expert on data and identity theft. "Mostly because it puts the CEOs on the hot seat."

The upcoming bill is the latest in a string from the Senate. Sen. Dianne Feinstein (D-Calif.), Sen. Charles Schumer (D-N.Y.), and Sen. Bill Nelson (D-Fla.) have all introduced legislation that tackle aspects of the data breach problem.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll