A group of lawmakers have reintroduced the Data Breach Prevention and Compensation Act to hold credit reporting agencies’ feet to the fire for data breaches involving consumer data.
The Data Breach Prevention and Compensation Act would impose penalties for breaches, require cybersecurity inspections and compensate consumers for stolen data. The bill is in response to the 2017 news that hackers had breached Equifax and exposed the sensitive information of 143 million Americans.
Among other actions, the bill would enforce a base penalty of $100 for each consumer who had one piece of personal identifying information compromised and another $50 for every additional PII compromised. It would require the Federal Trade Commission to use half of its penalty to compensate consumers. The bill would also increase penalties “in cases of woefully inadequate cybersecurity” or if a credit reporting agency fails to report on a breach to FTC in a timely manner.
The bill was reintroduced by Sens. Elizabeth Warren, D-Mass. and Mark Warner, D-Va., along with Reps. Elijah Cummings, D-Md., and Raja Krishnamoorthi, D-Ill.