WASHINGTON (Reuters) – Two Senate Democrats are proposing large new fines for credit reporting agencies that lose consumers’ personal information in data breaches, according to a bill they introduced on Wednesday.
The bill would impose potentially significant fines against companies like Equifax, TransUnion, and Experian if their cyber security fails to ward off hackers trying to obtain sensitive data. It also would establish a new Office of Cybersecurity at the Federal Trade Commission, and charge it with monitoring cyber security at those companies.
Senators Mark Warner and Elizabeth Warren’s bill is in response to a data breach at Equifax that put the information of 145 million Americans at risk. The bill faces an uphill climb in a Republican-led Congress, but if it became law, would allow the government to fine as much as 75 percent of a credit reporting agency’s gross revenue should a hack occur.
“Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax – and provides robust compensation for affected consumers,” Warren said in a statement.
The bill would fine a company $100 for each consumer that had a piece of personal information compromised in a data breach, with an additional $50 for each additional piece of data put at risk for each consumer. Those fines could add up to 50 percent of a company’s gross revenue.
But, that penalty doubles if company fails to disclose the breach to regulators in a timely manner or has insufficient cyber security in place, and can add up to as much as 75 percent of a company’s global revenue for the last fiscal year.
Reporting by Pete Schroeder; editing by Grant McCool