A new bill from two U.S. Senators proposes “massive and mandatory” fines for credit reporting bureaus which have suffered data breaches, in a clear response to last year’s Equifax breach.
Congress has long been discussing some sort of solution or legislation to dealing with breaches at larger companies, and this particular bill aimed at credit reporting firms comes from Democratic Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.). In this bill, fines would start at $100 for each consumer whose sensitive information is compromised, as the Los Angeles Times reports.
As the LA Times notes, the Data Breach and Compensation Act would also “add a $50 fine for each additional piece of compromised personally identifiable information for each consumer. The penalties would double in cases where the credit reporting firm did not comply with federal data security standards or failed to notify officials of the breach in a timely manner.”
Not only that, but this bill would actually be putting money back into the pockets of consumers. Half of any total fine could be used to compensate any consumers affected by the breach.
The Senators said that if this bill was in place last year, Equifax would have faced a fine of “at least $1.5 billion.”
This isn’t the first bill to be proposed on the matter of breaches. In November, Sen. Bill Nelson (D-Fla.) sponsored the Data Security and Breach Notification Act, which would require companies to report data breaches within 30 days. That bill could also carry up to a five-year prison term for any individual who “intentionally and willfully conceals the fact of the breach of security.”
Many states have also introduced their own bills or resolutions having to do with security breaches. A list of these state bills can be found at the National Conference of State Legislatures website. We’ll see how many of these bills will pass, if any proposed federal bills will pass in the future, and if any of these bills will have enough bite to truly protect consumers.