UPDATED 22:01 EST / JANUARY 10 2018


Proposed law would impose huge fines for credit reporting agency data breaches

New legislation being pushed by two Senate Democrats would give the Federal Trade Commission the power to fine credit reporting agencies that fail to protect consumer information from data breaches.

The bill, called the Data Breach Prevention and Compensation Act 2018, was introduced today by Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) in response to the high-profile hacking of credit reporting agency Equifax Inc. in 2017.

Under the draft law, the FTC would create an Office of Cybersecurity that would be responsible for reviewing and inspecting credit reporting agencies. If a data breach occurs and the reporting agency is found to have been remiss in making reasonable attempts to secure the data, the agency would be fined $100 per hacked record, with a maximum payout set at 50 percent of the agency’s gross revenue from the previous year.

“Under this legislation, Equifax would have had to pay at least a $1.5 billion penalty for their failure to protect Americans’ personal information,” Senator Warren said in a statement. “To ensure robust recovery for affected consumers, the bill would also require the FTC to use 50 percent of its penalty to compensate consumers and would increase penalties in cases of woefully inadequate cybersecurity or if a CRA fails to timely notify the FTC of a breach.”

Ken Spinner, vice president of field engineering at the data security firm Varonis Systems Inc., told SiliconANGLE that he believes the act doesn’t go far enough to cover the “thousands upon thousands of other major organizations and the millions of customer files” under their control.

“It’s impossible to avoid the regular drumbeat of breaches in the news. Consumers are simply getting fed up,” Spinner said. “Companies that have spent millions to gain customers and win their loyalty can find those gains wiped out overnight once a breach hits. We’ve got a long way to go before the U.S. adopts measures like EU’s Data Protection Act, but it’s encouraging to see some movement, at least on paper, in the wake of last year’s devastating attacks.”

It’s not clear whether the proposed law will obtain broader support in the Republican-controlled Senate, but it has been endorsed by a number of consumer advocacy groups, including the U.S. Public Interest Research Group, the Electronic Privacy Information Center and the Consumer Federation of America.

Photo: mdfriendofhillary/Flickr
