Latest Data Privacy Bill Looks to Keep Corporations Accountable
A bill introduced last week could threaten years of jail time for execs who lie to the FTC about protecting user data.
Senator Ron Wyden (D-OR) is advancing his data privacy bill from last year, the Consumer Data Protection Act, in the form of the Mind Your Own Business Act, the latest all-encompassing data privacy law to be introduced in Washington.
The bill, which expands on draft legislation introduced last year would entrust the Federal Trade Commission with the ability to fine tech companies up to four percent of their annual revenue for failing to properly handle consumer data.
The Act made headlines last year for one of its boldest initiatives - 10-20 years jailtime for senior execs who fail to follow guidelines for data use. Those companies could also face repercussions in the form of tax penalties tied to executives' salaries. The Mind Your Own Business Act has those same penalties, specifically for executives who knowingly lie to the FTC about data misuse, like breaches. In the event those execs are convicted, companies “will have to pay a tax based on the salary they paid to the officials who lied.”
Wyden’s office is trumpeting the legislation as being stricter than the European Union’s Global Data Protection Regulation and while it’s still early, in many ways, it looks like it certainly could be.
In addition to jail time and giving the FTC the ability to impose sharp fines it would also give Americans a one-click way to prohibit companies from selling or sharing their personal data.
The mechanism, which would feed into a Do Not Track tool, could also stop companies from selling, sharing or targeting advertisements around their data. It would also give consumers a way to challenge any inaccuracies in the data. The Mind Your Business bill improves on the November 2018 version by making it so companies can't mine user data to target ads on behalf of other companies.
The bill, which is just in the beginning stages, joins the ranks of would-be contemporaries like U.S. Sen. Marco Rubio's American Data Dissemination Act. and New York State's New York Privacy Act. It's important to note that Wyden's bill wouldn't preempt any state law already or soon to be on the books, like the California Consumer Privacy Act in California or New York's SHIELD Act, whose data security requirements take effect on March 21, 2020.
Still, the general gist of Wyden's bill mirrors those bills in the sense that they all prioritize knowing where user data is at all times. By not knowing where data resides, who its been shared with or sold to, corporations could be doing themselves a disservice, not to mention opening themselves up to scrutiny from a legal standpoint.
The Definitive Guide to DLP
- The seven trends that have made DLP hot again
- How to determine the right approach for your organization
- Making the business case to executives
The Definitive Guide to Data Classification
- Why Data Classification is Foundational
- How to Classify Your Data
- Selling Data Classification to the Business