Thought Leadership

Data Breach Bill Signals Increased Federal Interest in Cybersecurity

January 16, 2018 Advisory

A year after the Equifax hack compromised the personal information for over 145 million people, U.S. Democratic Senators Elizabeth Warren and Mark Warner introduced the Data Breach Prevention and Compensation Act last week. The new legislation would expand the Federal Trade Commission’s (FTC) authority over data breaches by creating an Office of Cybersecurity, which would be tasked with directly supervising data security at consumer credit reporting agencies, such as Equifax, Experian and TransUnion. While most cybersecurity legislation currently exists at the state level, the bill is significant in that it signals continued sector-specific interest in cybersecurity at the federal level.

Inspired by today’s information economy, where the personal information of millions of people is collected, centralized and used, the bill aims to create a stricter regime of regulating consumer data.

While the FTC would work to promulgate a number of regulations regarding cybersecurity, the cornerstone of the legislation is the call for “mandatory, strict liability penalties for breaches of consumer data” and robust compensation for those whose data was compromised. While fines would be capped based on the agency’s revenue, the base penalty would be $100 for each consumer with one piece of personally identifiable information (PII) compromised. An additional $50 would be fined for each additional piece of PII compromised per consumer. To put these numbers in context, under the current bill, Equifax would have had to pay a $1.5 billion fine for the hack it suffered. Moreover, the bill would require credit reporting agencies to notify the FTC of a breach within 10 days.

Focused on the consequences of not providing adequate security for consumer data, Sen. Warren has explained that the approach of the bill is not to have a host of regulators come in and tell credit reporting agencies how to do their job or design a cybersecurity program. Instead, the focus is to ensure that companies dealing with such enormous amounts of highly sensitive data are actually able to protect it.

Although the bill is narrowly tailored to credit reporting agencies, it signals a continued emphasis on cybersecurity at the federal level in an age when companies are gathering and maintaining more and more information about consumers. This news serves as a good reminder for other industries to stay vigilant and prepare as much as possible for cyberattacks.

Contact Us
  • Worldwide
  • Boston, MA
  • Denver, CO
  • Edwardsville, IL
  • Jefferson City, MO
  • Kansas City, MO
  • Las Vegas, NV
  • New York, NY
  • Philadelphia, PA
  • Princeton, NJ
  • Salt Lake City, UT
  • St. Louis, MO
Worldwide
abstract image of world map
Boston, MA
225 Franklin Street
26th Floor
Boston, MA 02110
Google Maps
Denver, CO
4643 S. Ulster St.
Suite 800
Denver, CO 80237
Google Maps
Denver, Colorado
Edwardsville, IL
115 N. Second St.
Edwardsville, IL 62025
Google Maps
Jefferson City, MO
3405 W. Truman Boulevard
Suite 210
Jefferson City, MO 65109
Google Maps
Jefferson City, Missouri
Kansas City, MO
2345 Grand Blvd.
Suite 1500
Kansas City, MO 64108
Google Maps
Kansas City, Missouri
Las Vegas, NV
3770 Howard Hughes Parkway
Suite 200
Las Vegas, NV 89169
Google Maps
Las Vegas, Nevada
New York, NY
919 Third Ave., 37th Floor
New York, NY 10022
Google Maps
New York City
Philadelphia, PA
2005 Market Street
29th Floor, One Commerce Square
Philadelphia, PA 19103
Google Maps
Philadelphia, Pennsylvania
Princeton, NJ
100 Overlook Center
Second Floor
Princeton, NJ 08540
Google Maps
Princeton, New Jersey
Salt Lake City, UT
257 East 200 South
Suite 350
Salt Lake City, UT 84111
Google Maps
Salt Lake City, Utah
St. Louis, MO
7700 Forsyth Blvd.
Suite 1800
St. Louis, MO 63105
Google Maps
St. Louis, Missouri