New legislation being pushed by two Senate Democrats would give the Federal Trade Commission the power to fine credit reporting agencies that fail to protect consumer information from data breaches.

The proposed law, called the Data Breach Prevention and Compensation Act 2018, was proposed today by Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) in response to the high-profile hacking of credit reporting agency Equifax Inc. in 2017.

Under the draft law, the FTC would create an Office of Cybersecurity that would be responsible for reviewing and inspecting credit reporting agencies. In the event that a data breach does occur and the reporting agency is found to have been remiss in making reasonable attempts to secure the data, the agency would be fined $100 per hacked record with a maximum payout set at 50 percent of the agency’s gross revenue from the previous year.

“Under this legislation, Equifax would have had to pay at least a $1.5 billion penalty for their failure to protect Americans’ personal information,” Senator Warren said in a statement. “To ensure robust recovery for affected consumers, the bill would also require the FTC to use 50 percent of its penalty to compensate consumers and would increase penalties in cases of woefully inadequate cybersecurity or if a CRA fails to timely notify the FTC of a breach.”

Ken Spinner, vice president of field engineering at the data security firm Varonis Systems Inc., told SiliconANGLE that he believes the act doesn’t go far enough to cover the “thousands upon thousands of other major organizations and the millions of customer files” under their control.

“It’s impossible to avoid the regular drumbeat of breaches in the news. Consumers are simply getting fed up,” Spinner said. “Companies that have spent millions to gain customers and win their loyalty can find those gains wiped out overnight once a breach hits. We’ve got a long way to go before the U.S. adopts measures like EU’s Data Protection Act, but it’s encouraging to see some movement, at least on paper, in the wake of last year’s devastating attacks.”

It’s not clear whether the proposed law will obtain broader support in the Republican-controlled Senate, but it has been endorsed by a number of consumer advocacy groups, including the U.S. Public Interest Research Group, the Electronic Privacy Information Center and the Consumer Federation of America.

Photo: mdfriendofhillary/Flickr