The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Latest Data Privacy Bill Looks to Keep Corporations Accountable

by Chris Brook on Monday October 21, 2019

Contact Us
Free Demo
Chat

A bill introduced last week could threaten years of jail time for execs who lie to the FTC about protecting user data.

Senator Ron Wyden (D-OR) is advancing his data privacy bill from last year, the Consumer Data Protection Act, in the form of the Mind Your Own Business Act, the latest all-encompassing data privacy law to be introduced in Washington.

The bill, which expands on draft legislation introduced last year would entrust the Federal Trade Commission with the ability to fine tech companies up to four percent of their annual revenue for failing to properly handle consumer data.

The Act made headlines last year for one of its boldest initiatives - 10-20 years jailtime for senior execs who fail to follow guidelines for data use. Those companies could also face repercussions in the form of tax penalties tied to executives' salaries. The Mind Your Own Business Act has those same penalties, specifically for executives who knowingly lie to the FTC about data misuse, like breaches. In the event those execs are convicted, companies “will have to pay a tax based on the salary they paid to the officials who lied.”

Wyden’s office is trumpeting the legislation as being stricter than the European Union’s Global Data Protection Regulation and while it’s still early, in many ways, it looks like it certainly could be.

In addition to jail time and giving the FTC the ability to impose sharp fines it would also give Americans a one-click way to prohibit companies from selling or sharing their personal data.

The mechanism, which would feed into a Do Not Track tool, could also stop companies from selling, sharing or targeting advertisements around their data. It would also give consumers a way to challenge any inaccuracies in the data. The Mind Your Business bill improves on the November 2018 version by making it so companies can't mine user data to target ads on behalf of other companies.

The bill, which is just in the beginning stages, joins the ranks of would-be contemporaries like U.S. Sen. Marco Rubio's American Data Dissemination Act. and New York State's New York Privacy Act. It's important to note that Wyden's bill wouldn't preempt any state law already or soon to be on the books, like the California Consumer Privacy Act in California or New York's SHIELD Act, whose data security requirements take effect on March 21, 2020.

Still, the general gist of Wyden's bill mirrors those bills in the sense that they all prioritize knowing where user data is at all times. By not knowing where data resides, who its been shared with or sold to, corporations could be doing themselves a disservice, not to mention opening themselves up to scrutiny from a legal standpoint.

Tags: Data Privacy, Government

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.