Online security: New bill to punish companies for breaches

To protect people's online security, Congress introduced a new bill that would penalize corporations for leaks and hacks. Will such a law improve online security?

Sony execs in May bow to apologize for an online security breach that exposed information on some 77 million accounts. If a new bill becomes law, American companies could be punished for such a failure in online security.

Natsuki Sakai/AFLO/Newscom/FILE

September 13, 2011

A new bill in the US Senate would punish companies that carelessly experience online security breaches that compromise consumer privacy, reports the New York Times.

The bill, introduced Thursday and called the Personal Data Protection and Breach Accountability Act of 2011, aims to protect a citizens’ privacy and online security.

Sen. Richard Blumenthal (D) of Conn., who sponsored the bill, said many of the more recent security breaches (like Sony’s PlayStation Network fiasco) were very preventable.

 

Only companies that store data online for over 10,000 people would be affected by the bill. If passed, the bill would require those companies to follow a set of guidelines to ensure all the personal data they store is sufficiently protected. Those that don’t follow the guidelines would be at risk of racking up hefty fines from the government.

Should the bill pass, customers who entrust their personal information online would be able to sue companies in charge of that data in the event of a preventable security breach.

I don’t know that a bill like this is necessary. Companies are already suffer plenty of losses – both money and credibility – when data breaches occur. Ultimately if a company doesn’t care about its consumers’ personal privacy, it likely won’t stay in business long.