From now, the Chief Executive Officers who misuse customers’ data could end up in jail for twenty years.
The U.S. legislation recently proposed “Mind Your Own Business Act”, which prosecutes top-level executives if their companies are found misusing citizens’ information and lying about it. Authored by Senator Ron Wyden, the bill requires organizations to produce annual data protection reports personally certified by the company’s CEO, proving that they obeyed the data regulations.
“This bill is in the first stage of the legislative process. It was introduced into Congress on October 17, 2019. It will typically be considered by committee next before it is possibly sent on to the House or Senate as a whole,” said Ron Wyden.
The new legislation adheres to a draft version known as the Consumer Data Protection Act, which was released for discussion on November 1, 2018.
The proposed bill applies to the companies that hold data of more than 50 million customers or over a million people if they make a revenue of more than US$ 1 billion. In case the company intentionally certifies false reports, then they’re subjected to a fine up to US$ 5 million or face up to 20 years of imprisonment. It also provides customers the right to demand details of any personal data collected by the companies.
Companies are also required to notify their customers what information they collect and what they are going to do with it. The bill also requires companies to provide a site that enables consumers to opt-out of any personal data collection.
Recently, the New York State Legislature passed a new bill in order to strengthen its data breach policies. The new bill, dubbed as Stop Hacks and Improve Electronic Data Security Act (SHIELD), provides more transparency to consumers, while it also imposes stringent penalties on companies without proper cybersecurity measures.
According to the Attorney General Letitia James, the SHIELD Act will update the state’s breach notification laws, expand the current notification requirements for companies, increase penalties for liable companies, and increase the rights of consumers in the event of a breach. The bill imposes tough obligations on businesses that handle sensitive data of customers. The businesses are required to maintain reasonable data security measures in case they’re collecting personal data from the customers.