In today’s business environment, the threat of a data breach is a daily problem faced by the boardroom. However, until now the issue of responsibility has been glossed over. Impending data protection laws, like GDPR, are aiming to tackle the subject of corporate responsibility in line with growing threats posed by cyber attacks and subsequent data breaches.
The problems posed by data breaches affect companies all over the world, so it should come as no surprise that politicians in the US are renewing efforts to pass a new law.
The law proposes that US companies need to quickly notify consumers in the event of a data breach (GDPR gives companies 72 hours). The recent news surrounding Uber, and its attempt to buy off hackers that stole customer data, served as the catalyst for this bill to be brought forward. However, more stringent laws like these are necessary to match the evolving threat.
The bill, called the Data Security and Breach Notification Act, seeks to implement nationwide breach notification standards and replace the confusing patchwork of state laws currently in place.
The act is sponsored by Senator Bill Nelson of Florida and Senators Richard Blumenthal and Tammy Baldwin, Democrats of Connecticut and Wisconsin, respectively.
In a statement, Nelson said a nationwide law was necessary to safeguard consumer data and protect it from being stolen by hackers. “Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this common sense proposal. When it comes to doing what’s best for consumers, the choice is clear.”
Crucially, the new law would enable prosecution of those who “intentionally and wilfully” conceal a data breach, with penalties including fines and up to five years’ imprisonment.
Commenting on the news, Tim Erlin, VP Product Management and Strategy at Tripwire, said: “The confusing patchwork of state disclosure laws ensures that a number of lawyers remain employed to interpret them. It’s an inefficient system, no doubt, but the US has failed to address it with a national breach disclosure law for years. While lawmakers may be shocked at Uber’s behaviour, it’s unlikely that they’ll be shocked into meaningful action.”
“Breach disclosure laws protect consumers and hurt corporations. It’s unlikely that a meaningful national disclosure law will get serious consideration from a Congress and White House that are clearly supportive of big business interests.”