The latest bill on data breaches to be debated by Congress could force companies to disclose any leaks to the U.S. Secret Service or the FBI within 14 days of the incident or face a fine of up to $1 million and up to five years in prison. According to experts at InfoWatch, it is high time Congress enacted one of the numerous bills that have been proposed.
The U.S. Congress is debating a new draft law on confidential data leaks called the Cyber-Security Enhancement and Consumer Data Protection Act of 2006. The proposed legislation stipulates tough penalties for those organizations that do not inform the U.S. Secret Service or FBI of a leak within 14 days of the incident. Those companies that fail to do so would face fines of up to $1 million and the management could be sentenced to up to five years in prison, according to the bill.
The bill has been described as particularly short. It applies only to security breaches in which the personal information of 10,000 or more people is compromised, or any breach involving databases owned by the Federal Government. Once they have been informed of an incident the law enforcement agencies would have the right to withhold that information for up to 30 days, or longer if the leaked data is classified as top secret.
“Congress has been swamped with bills on confidential and private data leaks. There are a few rather effective proposals among them, and a lot more that are completely useless. It is high time for the lawyers and politicians to stop coming up with new bills and finally chose one of the better laws that have already been proposed,” says Denis Zenkin, marketing director at InfoWatch.
Source: Out-Law