US senators push for jail time for executives who conceal data breaches

By Erin Ayers on December 4, 2017

Fueled by anger over recent high-profile security breaches, congressional lawmakers on Nov. 30 filed a bill to potentially subject executives at organizations that do not disclose breaches to up to five years of jail time.

Members of the United States Senate Commerce Committee introduced a bill to propose prison sentences for any executives that conceal data breaches that cause any individual to lose more than $1,000. The bill, called the Data Security and Breach Notification Act, would also implement nationwide data breach notification standards, a topic that garnered significant attention during congressional hearings over breaches at Equifax, Yahoo, and Uber.

“We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers,” said Sen. Bill Nelson (D-Fla.), who filed a similar bill last session. “Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what’s best for consumers, the choice is clear.”

Signing on to the bill with Nelson, ranking member of the Commerce Committee, were Sens. Richard Blumenthal (D-Conn.) and Tammy Baldwin (D-Wisc.).

The bill calls for “covered entities” to report data breaches within 30 days or “as promptly as possible” if the organization can show that disclosure within 30 days is not feasible. It also calls for the Federal Trade Commission to create security standards for businesses to follow.

“The recent data breaches, from Uber to Equifax, will have profound, long-lasting impacts on the integrity of many Americans’ identities and finances, and it is simply unacceptable that millions of them may still not know that they are at risk, nor understand what they can and should do to help limit the potential damage,” said Sen. Baldwin.


This story in an excerpt of the original. The content originally appeared in Cyber Front Page News.
To read the full story, you must be a subscriber. If you are a subscriber, check your email for Cyber Front Page News on December 4, 2017.'

Erin is an editor at Advisen. She has 15 years of journalism experience. Prior to Advisen, Erin covered property-casualty insurance for 13 years as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at