Directors Who Conceal Cyber Attacks Could Face Prison

UK companies who are still living in dread of GDPR should thank their lucky stars they are not operating in the US, where a group of Democrats is planning to bring in new laws which appear to make compliance with the upcoming EU data protection legislation seem like a stroll in the park.

Named the Data Security & Breach Notification Act, the proposed law seeks to implement nationwide breach notification standards and replace the confusing patchwork of state laws currently in place.

The Act, which is sponsored by Democrat senators Bill Nelson of Florida, Richard Blumenthal of Connecticut and Tammy Baldwin of Wisconsin, would see those companies which “intentionally and willfully” conceal a data breach to be prosecuted in the courts, with the threat of huge fines and up to five years in jail hanging over them.

It has been reported that the Uber hacking scandal, which saw the company pay a ransom to criminals rather than admit to a huge data breach, has served as the catalyst for the Bill to be brought forward.

In a statement, Senator Nelson said: "We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers. "Congress can either take action now to pass this long overdue Bill or continue to kowtow to special interests who stand in the way of this common sense proposal. When it comes to doing what’s best for consumers, the choice is clear.”

DataIQ: 

You Might Also Read: 

Company Directors Should Have Personal Liability For Data Breaches:

GDPR Will Impact Data Management In The USA:

The GDPR Advisory Board Offers Expert Advice: