Could jail time be in store for data breaches?

We have almost become numb to data breaches. They have seemingly become a nearly everyday occurrence, as one organization after another suffers a breach and our information is maliciously obtained by people who should not have it. How our data is protected has become a sticky situation and has prompted lawsuits and Congressional review, but very little else. Until now.

Senator Ron Wyden (D-Oregon) has released a discussion draft of legislation called the Consumer Data Protection Act (not to be confused with Bob Menendez’s bill regarding data breaches, introduced last December, which has never left committee). With millions of Americans frustrated that nothing has been done on a national level (California did enact statewide legislation), this came as a welcome piece of news when it was introduced in early November.

Consumer Data Protection Act

The legislation would affect companies that earn more than $50 million in revenue and have data on more than one million people. The Federal Trade Commission (FTC) would be empowered to take action against companies that violate the law, a far cry from what we have today, where a company can only be fined if it has signed a consent decree with the FTC. A Bureau of Technology would be created and staffed with technology experts to give the FTC more effective investigative powers. Companies would also be required to submit an annual data protection report signed by the company’s CEO. If they are caught lying on the report, the CEO could face up to 20 years in prison as well as heavy fines.

The Consumer Data Protection Act would also implement a “Do Not Track” webpage, which would allow Americans to opt out of having their data shared in one stroke of the keyboard, so to speak. Today, if you want to opt out, it has to be done with each site that you do business with, and in some cases there is no way to opt out. Violations of this provision could result in fines of up to 4% of the company’s yearly revenue, which is in line with the recently enacted GDPR in Europe.

A good introduction, but a long way to go

Of course, at this point the legislation has only been introduced and is far from being sent to the desk of President Trump and becoming law. Considering the national clamor for such legislation, one would hope that there will be bipartisan support for this. Many tech CEOs have also recognized an issue and have asked for national legislation; whether this is for ethical reasons or because they do not like California’s legislation is open for discussion.

Protection of customer data has become a major talking point, whether it is protecting the consumer from having their data sold or from having their data stolen. It seems that technology has outpaced control, and we are able to do things with tech that no one envisioned. For many, Pandora’s Box has been opened, and the only way to close it, or at least contain it, is with legislation on a national level. It will not apply to every company, at least to start, but it is a start and it is better than anything that we have now.

Considering that Americans are tired of having their data sold or stolen, the image of a CEO being sent to prison for up to 20 years, rather than just being bought out and given millions of dollars to go away, may bring a smile to your face. This bill gives consumers much more transparency and more control, but of course that also means that the consumer will have to be educated and will have to exercise that control. Given the number of data breaches, as well as scandals in recent years like the one involving Facebook and Cambridge Analytica, something does need to be done to protect consumers. This could be a start, but it is certainly not the end.
