Sen. Elizabeth Warren (D-MA) and Sen. Mark Warner (D-VA) have introduced legislation designed to hold credit reporting agencies more accountable for security breaches involving consumer data.
The senators’ proposed Data Breach Prevention and Compensation Act
would give the Federal Trade Commission (FTC) more direct supervisory authority over data security at the credit reporting agencies, with the establishment of an Office of Cybersecurity. The FTC would also be given the authority to impose mandatory penalties to “incentivize adequate protection of consumer data and provide robust compensation to consumers for stolen data.” The base penalty of $100 for each consumer who had one piece of personal identifying information (PII) compromised and another $50 for each additional PII compromised per consumer. The bill was created in response to last September’s announcement of a security breach at Equifax that threatened the data of 145 million Americans—and if the bill was in place when that breach occurred, Equifax would have been required to pay a $1.5 billion penalty.
"The financial incentives here are all out of whack—Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach," said Warren. "Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax and provides robust compensation for affected consumers, which will put money back into peoples' pockets and help stop these kinds of breaches from happening again."