New Legislation Would Punish Mishandling of Private Data
An anonymous reader writes "A bill introduced Thursday by Senator Richard Blumenthal (D-CT) would regulate the handling of consumers' private data and punish companies who screw it up (e.g. Sony). 'These rules would require companies to follow specific storage guidelines and ensure that personal information is stored and protected correctly. Companies that do not adhere to these security guidelines could be subject to stiff fines.' Blumenthal told the NY Times, 'The goal of the proposed law is essentially to hold accountable the companies and entities that store personal information and personal data and to deter data breaches. While looking at past data breaches, I've been struck with how many are preventable.'"
A far better policy (Score:3, Interesting)
A far better policy would be to require companies to disclose any time their servers are hacked, whether private user data is stolen or not. That would go a long way towards tying server security to a company's bottom line.
Mandating specific guidelines is a bad idea because the government has no clue when it comes to good security and even if they did guidelines change over time.
Re:A far better policy (Score:4, Interesting)
Perhaps even mandated compensation paid to the person whose data was lost, depending on what was lost. If it were 'merely' your name and address then that's $5,000. If your telephone number too, then $7,500. If it includes your social security number, then $50,000. Biometrics? $100,000 etc etc etc. If the person concerned can prove that their identity was used in the commissioning of a crime - triple the compensation.
See how quickly companies tighten their security.
Stiff fines my ass... (Score:5, Interesting)
Put the corporate officers in jail - make the minimum sentence mandatory. It needn't be long. Hold people in power responsible and you'll see action.
Business will make a value judgment based on the cost - $5,000,000 potential fine or $300,000 in IT changes means it happens. $5,000,000 fine or $3,000,000 in IT changes and all of a sudden it's not so clear cut. CEO and CIO guaranteed to get 6 months to 5 years in a federal pen for non-compliance and that IT change could cost $30,000,000 and it would be item number one on every single board meeting agenda until the transition is complete.