Senator Bill Nelson, ranking Democrat on the Commerce Committee, has revived the Data Security and Breach Notification Act, a bill calling for jail time for corporate executives who conceal data breaches:
If it becomes law, then it would overrule the many statewide laws regulating breach notifications by establishing a nationwide standard.
There’s a requirement for companies to notify customers within 30 days, along with the potential criminal penalties.
It also directs the FTC to develop standards businesses must follow if they collect customer information, like naming a person in charge of information security, establishing a process to identify vulnerabilities, have a process for the disposal of information, and other items in that vein.
In a statement, Nelson said “Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what’s best for consumers, the choice is clear.”
In 2015 Nelson’s bill was one of several introduced to deal with the issue of protecting customers from these leaks and it’s likely that it will again have company.
It is doubtful the bill goes anywhere, and this is likely all just for show for Nelson’s constituents. The bill is a pipe dream and will almost certainly never become law.