Bills
| 3.23.22

Should Companies Face Federal Penalties If They Don't Tell Customers About a Data Breach? (H.R. 135)

Do you support or oppose this bill?

What is H.R. 135?

(Updated October 2, 2020)

This bill would establish penalties for companies that don't give notice to their customers about security breaches that involve sensitive personally identifiable information. Under this legislation, people who own or possess such data would have a legal responsibility to report such a breach to the U.S. Secret Service or the Federal Bureau of Investigation (FBI).

Personally identifiable information includes names, addresses, phone numbers, credit card or bank account information, and social security numbers. Under this legislation, a "major security breach" is defined as breaches that involve: 

  • Personally identifiable information from more than 10,000 individuals; 
  • Information gleaned from databases owned by the federal government; 
  • The identification of federal employees 
  • Significant affects on national security or law enforcement.

Argument in favor

Creating criminal charges for failing to notify customers of a data breach ensures that businesses are good custodians of customer data.

Argument opposed

Customers whose data is breached can sue the entity that let their information be compromised in civil court. This bill is redundant and unnecessary.

Impact

People who offer their personal information to companies in the U.S., those who are in danger of, or have had their information breached, federal employees, the government, and its secrets.

Cost of H.R. 135

A CBO cost estimate is unavailable.

Additional Info

In-Depth: This legislation was also introduced during the 114th Congress by Rep. John Conyers (D-MI), but it was never considered by the House. Currently the bill has the support of one cosponsor, Rep. Hank Johnson (D-GA).


Of Note: There have been numerous data breaches affecting millions of consumers in recent years, affecting businesses ranging from Target and Home Depot to health insurers like Anthem. More recently, credit reporting firm Equifax said that data including birth dates, credit card numbers, and more from 143 million U.S. customers was breached.

The Federal Trade Commission provides a walk through of how to find out if you were impacted by the breach, and what you need to do to protect yourself.

Media:
Summary by Eric Revell
(Photo Credit: Visual Content via Flickr / Creative Commons)