Data breach disclosure bill could bring increased accountability to the C-suite
Intentionally concealing a data breach could lead to jail time for C-suite executives under a bill introduced in the Senate November 30.
The Data Security and Breach Notification Act comes in the wake of several high-profile data breaches, including Equifax and Uber, in which it appears that members of the C-suite may have deliberately withheld information about the breach. Corporate executives found guilty of intentionally and willfully concealing a data breach could be sentenced to up to five years in jail.
The bill, which was introduced by Sen. Bill Nelson, D-Fla., and is sponsored by Sens. Richard Blumenthal, D-Conn., and Tammy Baldwin, D-Wisc., contains provisions for organizations that are subject to HIPAA. Covered entities (CEs) and business associates (BAs) that are in compliance with HIPAA would be assumed to be in compliance with the Data Security and Breach Notification Act. CEs and BAs that are not in compliance with HIPAA, including its breach notification requirements, would presumably be considered not in compliance with the provisions of the bill. The bill also includes incentives to help businesses adopt new cybersecurity technology.
The bill aims to improve cybersecurity by providing incentives for stronger protections and enforcing accountability and transparency, according to Nelson’s statement.