Cybersecurity

Dems reintroduce bill to jail those who don’t alert victims of a data breach

Three Democratic senators have reintroduced a bill that would require firms to promptly notify users whose data may have been taken by hackers, or else have those who had knowledge of the breach face prison time.

“We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that info has been stolen by hackers,” Sen. Bill Nelson (D-Fla.), who headed the bill, said in a statement.

“Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal.”

The bill comes on the heels of Uber's announcement that it had held off on notifying millions of customers that their data had been stolen in a breach more than a year ago.

Currently, 48 states, as well as Washington, D.C., and some of the American protectorates have local breach notification laws carrying penalties of tens to hundreds of thousands of dollars. There is no national standard.

The bill, introduced Thursday by Nelson and Sens. Richard Blumenthal (D-Conn.) and Tammy Baldwin (D-Wis.), would carry penalties of up to five years in prison for anyone with knowledge of a breach who fails to notify those impacted by it.

Nelson and Blumenthal introduced similar legislation last Congress. 

“The recent data breaches, from Uber to Equifax, will have profound, long-lasting impacts on the integrity of many Americans’ identities and finances, and it is simply unacceptable that millions of them may still not know that they are at risk,” said Baldwin in a statement.