Lawmakers Demand Action for Data Breaches
Since September 2018, hundreds of millions of people have fallen victim to data breaches and hacks that put their information at risk. In the same fashion as the EU’s GDPR, the hacks are prompting United States lawmakers to seek solutions. The most recent proposed legislation, titled the Consumer Data Protection Act, would send senior executives to prison as a possible consequence for a data breach.
— SecureForensics (@secureforensics) November 30, 2018
After the Marriott – Starwood hotels hack, lawmakers want to increase the penalties for data breaches. They believe that Marriott and other similar businesses cannot be trusted to regulate themselves on data security.
Senator Ron Wyden, author of the Consumer Data Protection Act, was not convinced by Marriott’s apology and stated his disapproval in a Twitter thread.
If history is any guide, @Marriott’s mega data breach will be treated like all the others: the company will apologize & offer useless credit monitoring to the victims impacted. The status quo isn’t working.
— Ron Wyden (@RonWyden) November 30, 2018
Based on Wyden’s tweets and proposed bill, he believes that the threat of jail time and fines might be enough for executives to increase their cybersecurity measures.
Lawmakers Debate Data Retention Policies
Currently, U.S. companies do not suffer major consequences under U.S. law for breaches. However, United States companies can face GDPR consequences if they operate in the European Union. The lack of consequences is prompting lawmakers to seek increased penalties for breaches and regulations that limit what information companies can collect on customers.
However, limiting the information that companies can collect has created a debate among some security professionals and lawmakers. The debate is that limiting information might not be feasible for companies like Marriott, but both lawmakers and security officials agree that increasing penalties might be the solution.
Two other bills, introduced in 2014 and 2017, echo Wyden’s. Both of the previous bills proposed jail time for executives. What makes Wyden’s Consumer Data Protection Act unique is that he proposes the FTC would need to add 175 new staff members. In addition to the increase in staff members, companies would need to submit reports to the FTC and could be reprimanded up to $5 of their revenue. If a company makes more than one billion in revenue, it would be required to check in regularly with the FTC.
What You Can Do When You’re a Victim of a Data Breach
Marriott will notify customers who are involved in the hack by emailing them and through its breach notification website. If you are unfortunate enough to be included in a data breach, there are some steps to take and that. Typically, companies that are breached will include a service to help monitor for identity theft and whether your information is posted online. Marriott is providing one year of identity monitoring through WebWatcher.
Wyden’s bill outlines various ways the FTC and businesses can work together.
Are Data Breaches The Iceberg of Today’s Companies?
It seems that today’s data security issues resemble the Titanic striking an iceberg in 1812. Instead of a ship, it’s a company and the iceberg is a hacker that can cause a different set of leaks. It seems that some businesses think they are unsinkable – until they hit their own iceberg.
If you are a business, organization, or government agency, take preventative measures by having SecureForensics as part of your data breach response plan. If you’ve been hacked, we can deploy to you within 24 hours, help you stop the breach, locate where the hack occurred, and help safeguard your system against future threats. Contact us today for a free phone consultation at 1-800-288-1407 and start your case.