U.S. Sen. Ron Wyden of Oregon has a new idea to make sure companies protect users’ personal information: Threaten prison for executives who mishandle that data.
Wyden said Thursday that his Consumer Data Protection Act is a “sweeping” bill to give consumers more control over their data, force companies to be transparent about how they use people’s data and impose steep fines and even prison on executives who violate the rules.
Big tech is the target: Companies with more than $50 million in yearly revenue — and that store more than 1 million users’ data — would be subject to the law, according to the draft text. Companies with more than $1 billion in yearly revenue that have data on 1 million people (as well as companies that handle data of more than 50 million people) would need to submit routine reports to the Federal Trade Commission on privacy breaches.
Purposefully misleading regulators on those data protection reports would result in a fine of as much as $5 million, or up to 20 years in prison for senior executives, according to the draft bill text.
“Today’s economy is a giant vacuum for your personal information,” Wyden, the top Democrat on the Finance Committee, said in a statement. “Everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation’s database.”
Wyden’s bill comes as tech companies like Facebook, Twitter and Google face increased scrutiny over what they’re doing to safeguard users’ data and privacy.
Last month, 50 million Facebook users’ personal information was exposed, the company said. And just a year ago Equifax, the credit reporting company, fell victim to a gigantic hack that put more than 100 million Americans’ data at risk.
The FTC would enforce Wyden’s proposed bill if it became law, and 175 more people would be hired to police companies’ use of people’s personal data. Wyden characterized the proposal as a set of “tough rules with real teeth to punish companies that abuse Americans’ most private information.”
The bill would also establish a “Do Not Track” database so people could choose not to let websites store — and then sell — their personal information.
Another proposal in the bill would allow people to see what personal data companies have on them, and see who that data has been sold to, according to a summary of the bill posted by Wyden’s office.
One tech leader praised the bill in a statement released by Wyden’s office.
“By forcing companies that sell and monetize user data to be more transparent about their data practices, the bill will also empower consumers to make better-informed privacy decisions online, enabling companies like ours to compete on a more level playing field,” said Gabriel Weinberg, CEO of search engine DuckDuckGo, according to the news release.
But the bill is an “extreme departure” from regulations most tech industry groups and privacy advocates have proposed, Bloomberg reports — and its fate would depend heavily on which party controls Congress after next week’s elections.