Date: 2017-11-30
Democrat Senators Introduce National Data Breach Notification Law (cyberscoop.com)
New submitter unarmed8 shares a report from CyberScoop: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports that Uber paid $100,000 to cover up a 2016 data breach that affected 57 million users. The scope of what kind of data breach falls under this is limited. For instance, if only a last name, address or phone number is breached, the law would not apply. If an organization "reasonably concludes that there is no reasonable risk of identity theft, fraud, or other unlawful conduct," the incident is considered exempt from the legislation.
"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," Sen. Bill Nelson, D-Fla., said in a statement. "Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what's best for consumers, the choice is clear."
market forces
As in, let the penalty market for breaches of data be:
$1 per name
$2 per address
$3 per phone number
$10 per SSN
And multiply those figures for combinations thereof.
Let companies choose to store and protect people's personal information with these potential penalties. The market will sort itself out pretty quickly.
Excellent idea. Companies should also directly bear the cost of damage and repairing credit.
Yikes, a phone book would cost millions!
Does this mean the CEO? CIO? Or Uber (the whole corporation)?
We need more prison space
Who do they think is going to enforce these laws?
The amount of stupid in your comment is astounding. The FBI, Treasury, and Homeland would all be perfectly capable of enforcing this shit. The idea that the CFPB is necessary for this sort of law is absofuckinglutely moronic.
Change D to R and you've basically got Fox News and Rush talking points, which are basically marching orders for the Rs.
typo in the title
Democrat is a noun. Democratic is the correct adjective. Right wing extremists use the noun as an adjective to annoy Democrats. They enjoy how it sounds like "rat."
Thank you. This always bugs me when I see it and the source ISN’T Limbaugh, et al.
Yes, it's hard to take anyone seriously when they say Democrat when it should be Democratic. When you see that, you know they're trying to push buttons, and you know where they stand. I'll take it as a typo in this case though, since the summary seems to reflect straight reporting about actions taken by Democratic senators, rather than GOP propaganda.
5-year prison term for *individuals*
The article is almost gibberish. The proposed law imposes fines and/or a prison term of not more than 5 years, for (1) individuals who know that the data breach law applies, (2) who willfully and intentionally conceal the breach (notably it does not say "fail to notify", but "willfully and intentionally conceal"), (3) in the event that at least $1000 of economic harm occurs to at least one individual.
I'm not a lawyer, but I think the bar for "willfully conceal" is pretty high. I think they're definitely try
5 year prison sentences...
You know no MBA will ever serve one of those, but some poor code monkey who the MBA didn't listen to when he recommended tighter security probably will!
Democrats pretending to not be the political wing of Goldman Sachs is just a joke. Fuck the Republicans too, but at least they're open about serving the interests of fossil fuel.
Wow, the Russian AC crowd is out in force here.
Yeah, sow the seeds of apathy, demonize American politics in general, divide and conquer.
Wait, is Bannon a Russian agent, too? He seems to be using the same strategy as the Kremlin. Hmm...
Sheep in wolf's clothing from big corporate view
Many laws and regulations sold as protecting us from corporations are actually written for the exact opposite purpose - to put ceilings on civil awards.
I'm no attorney and could be misreading the proposed law (yes, I violated Slashdot rules by reading both the article and the text of the proposed law), but this one seems to rein in the states by forcing unbelievably low maximum total civil penalties of only $5 million. Many recent breaches deserve far more than that even if reported immediately. You'd have to hit a company like Apple with $1 billion to even get noticed.
In order for penalties to be effective, a major breach should have a significant hit on a corporation's profit for at least a quarter. This does not allow that in the case of larger corporations. The prison term is likely there just to use after a breach to get lower level people to talk. It is unlikely to ever be imposed.
A National Britches Law?
