Are companies required to inform customers of digital data breaches immediately? Sometimes yes, sometimes no — and sometimes it all depends on situational details and state regulations. But some lawmakers are urging uniformity and recently introduced a bill that would do just that: The Data Security Breach Notification Act.
Data Security Breach Notification Act: The Basics
Currently, local and state laws form a patchwork of data breach notification regulations, but United States federal code is mum on the matter.
To rectify the situation, some Senate Commerce Committee members are trying to revive a bill that requires companies to notify users straightaway in the wake of a data-exposing hack.
What if months pass before a business discovers that it’s been pwnd? The legislation considers this genuine possibility and includes provisions stipulating that actionable violations must be “intentionally and willfully” concealed.
Data Security Breach Notification Act: Penalties
What penalties are politicians proposing? The current draft calls for fines and up to five-year prison sentences for egregious and recidivist offenders. In addition to prescribing penalties, lawmakers are also looking at ways to incentivize the use of technology that renders stolen data unusable.
Data Security Breach Notification Act: The Incidental Impetus
The bill revitalization attempt comes in the wake of the Uber and Equifax digital breaches that affected millions of people (Uber, about 57 million; Equifax, about 145.5 million) — and raised eye-brows because of the way executives in each company reacted. People questioned: Does Uber care about customer privacy, because the company was willing to pay hackers $100,000 in hush money and didn’t alert affected parties in a timely manner? And “Why did Equifax wait over a month to alert the public about the breach? That doesn’t seem too customer-focused.”
Are these questions fair? Like everything else in life, it’s complicated. Of course we all, as consumers, want businesses to be mindful of personal data. But as many companies know, hacks happen to even the most secure operations. And sometimes, the reputation-to-effort assumptions made in the wake of a breach can be unfairly devastating.
Connect With An Internet Lawyer
Gordon Law helps businesses navigate legalities related to online privacy and data hacking incidents. To learn more about our Internet law practice, start here. If you landed on this page because you’re in search of a digital security breach attorney, get in touch. We know what to do, and we’re ready to help guide you through the legal maze.