US Senate lawmakers will introduce a bill next Thursday that would fine big companies that lose consumer data in a security breach due to poor security measures.
The Personal Data Protection and Breach Accountability Act, sponsored by Democrat Richard Blumenthal of Connecticut, would enable the Justice Department to fine businesses with more than 10,000 customers $5,000 per violation per day, with a maximum of $20 million per violation, according to The Hill.
If passed, the bill would require companies to test their security controls and systems regularly to prevent intrusions and denial-of-service attacks. The testing frequency would be set by a government-mandated security assessment, which raises questions about who performs the testing, how it is done, and which government agencies the resulting security data is shared with.
The core of the legislation appears aimed at the sort of recent high-profile attacks on online sites that held significant consumer data. The bill would penalize delays in notifying the public when their data has been compromised and remove barriers to transparency, so that the public knows more about how their data is used and what threats it has recently faced.
"The amount of time should be measured in hours, not days, at most in days, not weeks," Blumenthal told The Hill.