Data Breach Bill Signals Increased Federal Interest in Cybersecurity

January 16, 2018 Advisory

A year after the Equifax hack compromised the personal information for over 145 million people, U.S. Democratic Senators Elizabeth Warren and Mark Warner introduced the Data Breach Prevention and Compensation Act last week. The new legislation would expand the Federal Trade Commission’s (FTC) authority over data breaches by creating an Office of Cybersecurity, which would be tasked with directly supervising data security at consumer credit reporting agencies, such as Equifax, Experian and TransUnion. While most cybersecurity legislation currently exists at the state level, the bill is significant in that it signals continued sector-specific interest in cybersecurity at the federal level.

Inspired by today’s information economy, where the personal information of millions of people is collected, centralized and used, the bill aims to create a stricter regime of regulating consumer data.

While the FTC would work to promulgate a number of regulations regarding cybersecurity, the cornerstone of the legislation is the call for “mandatory, strict liability penalties for breaches of consumer data” and robust compensation for those whose data was compromised. While fines would be capped based on the agency’s revenue, the base penalty would be $100 for each consumer with one piece of personally identifiable information (PII) compromised. An additional $50 would be fined for each additional piece of PII compromised per consumer. To put these numbers in context, under the current bill, Equifax would have had to pay a $1.5 billion fine for the hack it suffered. Moreover, the bill would require credit reporting agencies to notify the FTC of a breach within 10 days.

Focused on the consequences of not providing adequate security for consumer data, Sen. Warren has explained that the approach of the bill is not to have a host of regulators come in and tell credit reporting agencies how to do their job or design a cybersecurity program. Instead, the focus is to ensure that companies dealing with such enormous amounts of highly sensitive data are actually able to protect it.

Although the bill is narrowly tailored to credit reporting agencies, it signals a continued emphasis on cybersecurity at the federal level in an age when companies are gathering and maintaining more and more information about consumers. This news serves as a good reminder for other industries to stay vigilant and prepare as much as possible for cyberattacks.

Contact Us
  • Worldwide
  • Boston, MA
  • Chicago, IL
  • Denver, CO
  • Dublin, Ireland
  • Edwardsville, IL
  • Jefferson City, MO
  • Kansas City, MO
  • Las Vegas, NV
  • London, England
  • Miami, FL
  • New York, NY
  • Orange County, CA
  • Philadelphia, PA
  • Princeton, NJ
  • Salt Lake City, UT
  • St. Louis, MO
  • Washington, D.C.
  • Wilmington, DE
abstract image of world map
Boston, MA
800 Boylston St.
30th Floor
Boston, MA 02199
Google Maps
Boston, Massachusetts
Chicago, IL
100 North Riverside Plaza
Suite 1500
Chicago, IL 60606-1520
Google Maps
Chicago, Illinois
Denver, CO
4643 S. Ulster St.
Suite 800
Denver, CO 80237
Google Maps
Denver, Colorado
Dublin, Ireland
Fitzwilliam Hall, Fitzwilliam Place
Dublin 2, Ireland
Google Maps
Edwardsville, IL
115 N. Second St.
Edwardsville, IL 62025
Google Maps
Edwardsville, Illinois
Jefferson City, MO
101 E. High St.
First Floor
Jefferson City, MO 65101
Google Maps
Jefferson City, Missouri
Kansas City, MO
2345 Grand Blvd.
Suite 1500
Kansas City, MO 64108
Google Maps
Kansas City, Missouri
Las Vegas, NV
7160 Rafael Rivera Way
Suite 320
Las Vegas, NV 89113
Google Maps
Las Vegas, Nevada
London, England
Royal College of Surgeons of England
38-43 Lincoln’s Inn Fields
London, WC2A 3PE
Google Maps
Miami, FL
355 Alhambra Circle
Suite 1200
Coral Gables, FL 33134
Google Maps
Photo of Miami, Florida
New York, NY
7 Times Square, 44th Floor
New York, NY 10036
Google Maps
New York City skyline
Orange County, CA
19800 MacArthur Boulevard
Suite 300
Irvine, CA 92612
Google Maps
Philadelphia, PA
2005 Market Street
29th Floor, One Commerce Square
Philadelphia, PA 19103
Google Maps
Philadelphia, Pennsylvania
Princeton, NJ
100 Overlook Center
Second Floor
Princeton, NJ 08540
Google Maps
Princeton, New Jersey
Salt Lake City, UT
222 South Main St.
Suite 1830
Salt Lake City, UT 84101
Google Maps
Salt Lake City, Utah
St. Louis, MO
7700 Forsyth Blvd.
Suite 1800
St. Louis, MO 63105
Google Maps
St. Louis, Missouri
Washington, D.C.
1717 Pennsylvania Avenue NW
Suite 400
Washington, DC 20006
Google Maps
Photo of Washington, D.C. with the Capitol in the foreground and Washington Monument in the background.
Wilmington, DE
1007 North Market Street
Wilmington, DE 19801
Google Maps
Wilmington, Delaware