- Jul 22, 2014
- 2,525
Three US senators have introduced a bill on Thursday that will make it mandatory for companies to report breaches to customers within 30 days, but also carries fines and possible prison time for execs who conceal breaches from users and authorities.
The new bill is named the Data Security and Breach Notification Act and is sponsored by three Democrats —Sen. Bill Nelson (Florida), Sen. Richard Blumenthal (Connecticut), and Sen. Tammy Baldwin (Wisconsin).
Not the first time senators try to regulate breach disclosure
This is the second time a bill with this name has been introduced. Four senators, including Nelson, tried to push a previous version of this bill in 2014, during the Obama administration, but failed to get the support they needed.
The 2014 bill came shortly after the Target and Neiman Marcus breaches, and its main objective was to force companies to store data in a more secure manner and ensure all customers receive breach notifications in due time.
This new bill comes as a response to the recent Uber debacle, where the company paid $100,000 as hush money to two hackers to keep quiet about a security incident that took place in late 2016. The company came clean about the breach a year later, after a change in management, revealing that hackers stole details for almost 57 million drivers and customers.
Execs who hide breaches risk going to prison
....
...
The bill's main purpose is to homogenize data breach notification laws across US states. Currently, each US state forces companies to disclose breaches in a different manner, while some states don't even have such laws in the first place.
....
The new bill is named the Data Security and Breach Notification Act and is sponsored by three Democrats —Sen. Bill Nelson (Florida), Sen. Richard Blumenthal (Connecticut), and Sen. Tammy Baldwin (Wisconsin).
Not the first time senators try to regulate breach disclosure
This is the second time a bill with this name has been introduced. Four senators, including Nelson, tried to push a previous version of this bill in 2014, during the Obama administration, but failed to get the support they needed.
The 2014 bill came shortly after the Target and Neiman Marcus breaches, and its main objective was to force companies to store data in a more secure manner and ensure all customers receive breach notifications in due time.
This new bill comes as a response to the recent Uber debacle, where the company paid $100,000 as hush money to two hackers to keep quiet about a security incident that took place in late 2016. The company came clean about the breach a year later, after a change in management, revealing that hackers stole details for almost 57 million drivers and customers.
Execs who hide breaches risk going to prison
....
...
The bill's main purpose is to homogenize data breach notification laws across US states. Currently, each US state forces companies to disclose breaches in a different manner, while some states don't even have such laws in the first place.
....
Last edited:
