Democratic Senators Elizabeth Warren and Mark Warner are introducing new legislation that would allow the U.S. government to levy fines on companies that are the subject of data breaches.
According to Recode, the legislation, dubbed the Data Breach Prevention and Compensation Act and expected to be introduced on Wednesday (Jan. 10), would give the Federal Trade Commission (FTC) clear authority to hand out fines to credit reporting agencies, like Equifax, in the wake of a data breach. That group of agencies also includes TransUnion and Experian.
The idea comes on the heels of a massive data breach at Equifax that exposed the personal information of 145.5 million U.S. consumers, including 209,000 credit card account numbers. If the bill were already law, Equifax would have had to pay $1.5 billion in fines.
Under the bill, the FTC could fine the credit reporting agencies $100 for each consumer who was compromised and $50 for each additional piece of information that was compromised by a hacker. Fines would be capped based on how much revenue the credit reporting firm has. However, that cap could be raised if the company didn’t follow basic cybersecurity practices to protect consumers’ personal data. The bill states that half of the money accrued from the fines would go back to the consumers who were impacted by the breach.
“Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax and provides robust compensation for affected consumers, which will put money back into people’s pockets and help stop these kinds of breaches from happening again,” Warren said in a statement. The senator argued that, as it currently stands, the FTC is limited in what it can do in the event of a cyberattack.
“In today’s information economy, data is an enormous asset,” Warner added. “But if companies like Equifax can’t properly safeguard the enormous amounts of highly sensitive data they are collecting and centralizing, then they shouldn’t be collecting it in the first place.”