In January 2018, two U.S. senators introduced a bill that would empower the government to impose severe fines on consumer reporting agencies that failed to protect stored sensitive personal data of individuals
The Data Breach Prevention and Compensation Act comes in the wake of the Equifax breach that exposed the data of approximately 143 million people in the United States. Per the draft, the Federal Trade Commission (FTC) – the part of the government with the mission of overseeing companies’ security practices – would be granted greater authority to penalize these firms for poor data security practices.
Per the bill, the FTC would be in charge of regulating cybersecurity for companies that earn in excess of $7 million USD a year from the sale of consumer information. The FTC could levy fines of $100 USD for each consumer whose first and last name or first initial and last name and at least one additional piece of personal identifiable information (PII) was compromised. What’s more, the FTC could impose an additional $50 USD for each additional piece of personal identifiable information exposed. Money generated by the fines would presumably be…
