Potential legislation for corporate data negligence?

Congress is sure going for the throat on this one.  Though it is unlikely to pass, Sen. Elizabeth Warren has proposed legislation that would allow for jail time for executives in cases of corporate fraud and negligence.

This Corporate Executive Accountability Act (CEAA) seeks to circumvent what its proponents perceive as a traditional lack of legal culpability for the highest positions in a firm.  For organizations with annual revenue of $1 billion or more, a breach of 1% of Americans’ data (or 1% of a state’s population) would activate the jail condition.

Naturally, such a prospect has people nervous.  Would it discourage “qualified” people from seeking roles in the C-Suite of a company?  Or would it spur vigilance for misconduct, and more enthusiastic compliance practices?  Ultimately, if an executive was involved in some form of negligence, expecting culpability is perfectly fair.  More than likely, however, such candidates need not worry at this time.  The bill doesn’t look to have much traction in the Senate.

Meanwhile, a Senate report into the 2017 Equifax breach reaches broadly similar conclusions.  The findings, detailing information that has been covered here and elsewhere ad nauseam, propose penalties for US companies that are lax with personally identifiable information (PII).  A recommendation follows that the US implement a sort of federal GDPR equivalent.  “Congress should pass legislation that establishes a national uniform standard requiring private entities that collect and store PII to take reasonable and appropriate steps to prevent cyberattacks and data breaches,” states the report.  As it stands, there is no such requirement that breached entities notify the victims, and states have spent years taking their own varying initiatives.

Whether or not these findings are more likely to result in action than the CEAA remains to be seen.  However, for the legislature to be taking steps like these two years on shows the lingering effects of the Equifax incident.  Sen. Warren’s bill would trigger in the event of a breach affecting around 3.27 million people.  Equifax’s total approached 150 million.  Indeed, it has proven to be a strong impetus for lawmakers to try throwing a bunch of ideas at the wall.  Maybe one of them will even stick someday.


By: Jonathan Weicher, post on April 10, 2019
Copyright: NetLib Security