December 4, 2017 - For many years now ACCESS has opposed efforts in Congress to set a single national standard for data breaches. While the idea sounds great on the surface, every single bill we've reviewed has actually weakened consumer protections by usurping much more stringent state data breach notification laws. But a proposal introduced in Congress last week has gotten our attention.
This isn't the first time that the Data Security and Breach Notification Act has been proposed. Versions of the same bill have been in Congress since 2014. To date we've opposed all of them, and there are certainly real issues with the latest version. Specifically, the definitions of "personally identifiable information" are extremely limited and do not include medical records. Because the bill would usurp state laws - many of which do include medical records - the proposed law would likely create more issues for consumers than it would solve.
With that said, the bill now contains a very interesting proposal. It would include fines and potential jail time for company executives that attempt to hide data breaches. Penalties could be as much as five years in jail.
The new version of the bill is likely a direct result of the recently announced Uber data breach. Last month, the company announced a breach involving nearly 58 million people. The company had kept the breach secret for a year and had bribed the hackers behind the breach by paying them $100,000 to keep quiet.
As currently written, we would still have to oppose this bill. But the proposal carrying jail time for anyone hiding a data breach is an idea that deserves further exploration. With a little luck, the states will consider including it in their data breach laws. To date, 49 states and the District of Columbia all have data breach laws of their own. And most of those laws are stronger than what is being proposed by Congress.
by Jim Malmberg