
House Bill H.R. 135

Should Companies Face Federal Penalties If They Don't Tell Customers About a Data Breach?

Argument in favor

Creating criminal charges for failing to notify customers of a data breach ensures that businesses are good custodians of customer data.

Pat's Opinion
09/08/2017
Absolutely. This data is more important than currency. It's people's lives and malleable attitudes that are vulnerable. Do we actually care about protecting Americans or just American companies?
Like (156)
11Q11's Opinion
09/08/2017
Definitely...when a company requires personal information they had better be able to protect it as the consumer has entrusted them to do so....
Like (78)
Tooluser1's Opinion
09/08/2017
The opposing argument is fatuous and utterly ridiculous. "Consumers can sue..." Really? When they *don't know* the breach occurred?!? Or how identity thieves came to have their info? While company executives insider trade stocks ahead of disclosures?
Like (47)

Argument opposed

Customers whose data is breached can sue the entity that let their information be compromised in civil court. This bill is redundant and unnecessary.

Terry's Opinion
09/08/2017
No more regulations no more Govt. interference. Eliminate the CBO, they are political and are always inaccurate so what have them.
Like (6)
Nick-Papagiorgio's Opinion
09/08/2017
I'm not sure if I'm a Yay or Nay on this, but how could such a law be enforced without major government overreach? I think we have more than enough of that already.
Like (3)
DrRichSwier's Opinion
09/08/2017
This is double punishment without due process. I had my personal files along with 25 million other records of military personnel stolen from the Office of Personnel Management. Should they be fined? What's good for the goose is good for the gander. President Trump has made cyber security a priority. This is the right way to go.
Like (1)

Bill Progress


  • Not enacted
    The President has not signed this bill
  • The Senate has not voted
  • The House has not voted
      House Committees
      Committee on the Judiciary
      Antitrust, Commercial and Administrative Law
      Crime, Terrorism and Homeland Security
    Introduced January 3rd, 2017

What is House Bill H.R. 135?

This bill would establish penalties for companies that don't give notice to their customers about security breaches that involve sensitive personally identifiable information. Under this legislation, people who own or possess such data would have a legal responsibility to report such a breach to the U.S. Secret Service or the Federal Bureau of Investigation (FBI).

Personally identifiable information includes names, addresses, phone numbers, credit card or bank account information, and social security numbers. Under this legislation, a "major security breach" is defined as a breach that involves:

  • Personally identifiable information from more than 10,000 individuals;
  • Information gleaned from databases owned by the federal government;
  • The identification of federal employees;
  • Significant effects on national security or law enforcement.

Impact

People who offer their personal information to companies in the U.S., those who are in danger of having, or have had, their information breached, federal employees, the government, and its secrets.

Cost of House Bill H.R. 135

A CBO cost estimate is unavailable.

More Information

In-Depth: This legislation was also introduced during the 114th Congress by Rep. John Conyers (D-MI), but it was never considered by the House. Currently the bill has the support of one cosponsor, Rep. Hank Johnson (D-GA).

Of Note: There have been numerous data breaches affecting millions of consumers in recent years, at businesses ranging from Target and Home Depot to health insurers like Anthem. More recently, credit reporting firm Equifax said that data including birth dates, credit card numbers, and more from 143 million U.S. customers was breached.

The Federal Trade Commission provides a walkthrough of how to find out if you were impacted by the breach, and what you need to do to protect yourself.

Summary by Eric Revell
(Photo Credit: Visual Content via Flickr / Creative Commons)

AKA

Cyber Privacy Fortification Act of 2017

Official Title

To protect cyber privacy, and for other purposes.

    For sure! This last breach occurred in July. I'm being told now but they've had my info for a month and a half and have been having great fun with it despite my being a member of Trusted ID. If that doesn't warrant a penalty I don't know what does. Now it's up to me to put the credit freezes, fraud alerts, password changes and additional ID protections in place at my expense because once again someone was asleep at the wheel.
    Like (33)
    If a bank lost everyone’s money, regulators might try to shut down the bank. If an accounting firm kept shoddy books, its licenses to practice accounting could be revoked. If a data-storage credit agency loses pretty much everyone’s data, why should it be allowed to store anyone’s data any longer? Here’s one troubling reason: Because even after one of the gravest breaches in history, no one is really in a position to stop Equifax from continuing to do business as usual.
    Like (29)
    Much of this information is collected without my knowledge or consent (by companies such as Equifax). If they are victims of a hack they should absolutely turn over all information to law enforcement. In a case like this I've become the victim of a crime and may suffer the consequences.
    Like (21)
    Companies who through their negligence allow data hacks need to pay retribution to their customers. It's the user of their services that the retribution should be paid to, not the government. And all those affected should be provided free credit monitoring for 3 years. After this period, the company will reimburse for future credit hacks. Wouldn't it be wonderful that we taxpayers could get a rebate from our own government when Federal agencies are hacked and citizen data stolen?
    Like (16)
    In today's corporatocracy it seems companies can kill us with impunity, much less hand over our identities without repercussion. If any of us citizens did the kinds of things corporations routinely do, we'd be behind bars, or worse, forever. We hear so much about how responsible the wealthiest of us are. Let's see that talk walked. Companies who lose our data and hide it must pay a price for corruption.
    Like (13)
    What's the alternative, let companies throw consumer security to the wind? Please protect our rights to consumer security by passing this bill.
    Like (12)
    Absolutely. And penalties if they are breached at all.
    Like (10)
    I don't have the time or the money to sue. I just want to be able to take the necessary steps to secure my information in a timely manner - apply credit freezes, fraud alerts, password changes, etc. Equally important, they would have a legal responsibility to report such a breach to the U.S. Secret Service or the Federal Bureau of Investigation (FBI). Any federal awarded penalties must be earmarked for improving cyber security. To quote Jennifer: "1) This sitting on it for months while we are oblivious and their CFO and other officers are insider-trading off their stock prior to announcement is complete bull. 2) Offering us their "Trusted ID Premier" free for only a year (which I don't have much faith in, by the way) while "they" sit on our data until everyone's free year runs out is also bull. 3) Auto-enrolling people and then finding out the TOS, which I have yet to be presented with or agree to, includes lingo that seems to exempt me from being able to join any class action lawsuits is just shady damage control. How about some personal accountability?" To quote Kodiwodi: "For sure! This last breach occurred in July. I'm being told now but they've had my info for a month and a half and have been having great fun with it despite my being a member of Trusted ID. If that doesn't warrant a penalty I don't know what does. Now it's up to me to put the credit freezes, fraud alerts, password changes and additional ID protections in place at my expense because once again someone was asleep at the wheel."
    Like (9)
    Dear corporations: If you ask us to provide our personal information then you must protect it. And if it's compromised in any way, you must inform us and restore us to our prior status.
    Like (9)
    Companies should definitely be fined if they fail to notify customers. If companies store consumers' data, they become responsible for keeping that data private. Whether that data be address or sensitive billing information. More often than not, these data breaches occur because the company has failed to define and/or enforce proper IT Security protocols. Failing to enact those policies, let alone failing to notify customers when that data is lost is pure negligence and should be held accountable.
    Like (9)
    These companies collect our private information without our consent. When they play fast and loose with that information, they want a pass on penalties for allowing that data to fall into unsavory hands. No matter that this has great impact on the identity and the credit of those compromised. Two things need to happen: 1. If the government continues to allow collection of our data without consent, there needs to be a very strong protection of that information; 2. There need to be the harshest penalties in place for when the next breach happens. They're making money off our backs. They should pay if their security laxity compromises us!
    Like (7)
    This legislation is a good first step in keeping companies accountable to their customers. Not only are companies responsible for notifying customers of data breaches, but the notifications should be TIMELY and WIDESPREAD. Lawsuits are inadequate considering the unequal power and resources of multinationals and national corporations compared to a single consumer.
    Like (7)
    It's high time that Congress demands that companies must upgrade & continue to monitor the strictest security measures to protect the privacy & data of their customers. Until these companies face consequences for their failures, nothing will change.
    Like (6)
    Identity theft/loss has a sometimes irreversible impact and securing this data should be paramount to corporations profiting off of retaining this information, thus they should be held accountable in the same capacity as physical goods.
    Like (6)
    Data is like currency, it is valuable to that person. We need to be warned about breaches in our financial accounts (bank accounts or credit reports) before we spend our money. Consumers need to be protected at all costs. Banks like Wells Fargo and credit agencies like Equifax should be held accountable for these breaches. Our money and our credit scores should always be secured.
    Like (5)
    I've been a victim of this and wasn't told until 3 years later; this is not okay and needs to be prevented and these companies need to be held accountable.
    Like (5)