
CEOs, CIOs Could Face Jail Time Under Data Breach Legislation

A new bill unveiled by Senator Elizabeth Warren (D-Mass.) proposes sending executives to jail if they oversee certain types of data breaches.

The Corporate Executive Accountability Act, Warren said in a press release, would jail executives who “negligently permit or fail to prevent” a “violation of the law” that “affects the health, safety, finances or personal data” of 1% of the population of any state or the nation as a whole. The penalty would be up to one year in jail, or up to three years for a second violation.

In Warren’s announcement, she specifically targeted “CEOs of giant corporations that break the law.” But legal experts say a variety of high-ranking executives could face criminal liability under the legislation, including chief information officers and human-resources directors, reports TechTarget.

Although the legislation isn’t retroactive, a number of high-profile data breaches would have met its 1% threshold, reports Slate. That includes the 2016 revelation that Wells Fargo employees had created more than 2 million fake accounts in customers’ names and the 2017 Equifax breach that affected the sensitive data of more than 143 million American consumers. Facebook’s role in allowing Cambridge Analytica to use the personal information of 87 million Facebook users is reportedly another possible example.

What’s more, while Warren’s bill is unlikely to become law, it reflects the sentiment among Democrats who might vote for her in the presidential primaries, reports Ars Technica. Sen. Ron Wyden (D-Ore.) has introduced a data-privacy bill that would be even stricter, proposing up to 20 years in prison for executives who expose their consumers' private data. Warren herself introduced a bill to establish a cybersecurity office within the Federal Trade Commission to regulate consumer-reporting agencies.

There’s some evidence corporate executives aren’t currently being held personally accountable for data breaches, notes Forbes. Warwick Business School recently found in a study that CEOs presiding over U.S. breaches from 2004 to 2006 “were more likely to receive an increase in total and incentive pay several years after a security breach.”

More accountability is “much needed,” SC Magazine quotes Cody Brocious, the head of hacker education at HackerOne, as saying. “Security breaches are always a possibility, but there’s no excuse for security negligence in 2019.”
