On November 30, 2017, a group of U.S. senators re-introduced a bill, known as the Data Security and Breach Notification Act, which seeks to impose criminal liability of up to five years of jail time on any corporate executive convicted of “intentionally and willfully” concealing a data breach.
The bill also proposes that the Federal Trade Commission (FTC) establish standard, nationwide security protocols for businesses to follow. It would require companies to report data breaches to consumers or users within 30 days unless a U.S. federal law enforcement or intelligence agency exempts the entity from informing the public. Companies would further be required to assess “reasonably foreseeable” vulnerabilities in their systems. Finally, the bill directs the FTC to provide incentives to businesses for the adoption of technology that renders stolen consumer data unusable or unreadable.
This bill is a re-introduction of a 2015 bill by the same name, which was also re-introduced in 2016. A copy of the bill can be found here.