The Data Breach Prevention and Compensation Act would give the Federal Trade Commission authority to directly supervise the data security measures of credit reporting agencies (CRAs); impose penalties on CRAs to encourage sufficient consumer data protection; and compensate consumers for stolen data, Warren’s office said Wednesday.
The bill calls for the establishment of an FTC cybersecurity office that would annually inspect and supervise CRAs’ cybersecurity practices.
The proposed legislation would also require CRAs to pay $100 for each consumer who had one piece of personally identifiable information (PII) stolen and another $50 for each additional piece of compromised PII per individual.
The FTC would be directed to use 50 percent of penalties to compensate consumers, and to raise penalties in cases of inadequate cybersecurity or if a CRA does not notify the FTC of a breach in a timely manner.
Equifax, a credit reporting agency, revealed in September 2017 that cyber attacks against the company exposed the sensitive personal information of more than 145 million U.S. citizens.
Equifax would have had to pay approximately $1.5 billion in penalties under the bill.