Federal clampdown on credit data cybersecurity breaches

Two senators have announced plans for new cybersecurity laws that will give the Federal Trade Commission (FTC) the power to penalize organizations handling consumer credit data that fail to properly safeguard against cybercriminals. The legislation, entitled the Data Breach Prevention and Compensation Act, was proposed by Senators Elizabeth Warren and Mark Warner, and would create a new office at the FTC charged with overseeing data protection in the face of increasing cybercrime. With increasing moves to do everything online, cybercriminals are the new ‘purse snatchers’: they hone their craft and skills to target those who may be at risk, and everyone online is at risk. That is why all businesses that operate an online presence, eCommerce, etc. will have to put airtight privacy protection in place; otherwise, customers and consumers are at risk. Data masking is one of these techniques, and more on how it operates can be found in the related articles at https://www.delphix.com/glossary/data-masking.

If the legislation passes, it would mean severe penalties for credit rating companies that experience cybersecurity breaches that expose customer data. Companies would have to pay $100 for every individual piece of “personally identifiable information” (PII) lost in a cybercrime attack, plus a further $50 for each additional PII file per customer, which could result in large total fines in instances where cybercriminals access hundreds or thousands of individual customer records. The maximum penalty for agencies that fail to comply will equate to 50 percent of the organization’s gross revenue from the year prior to the breach.

There is no doubt about it: data breaches can have devastating consequences. That being said, it is important to remember that there are plenty of fantastic accounting companies out there that can help businesses get to the bottom of what has caused a breach through the use of forensic accounting services. Moreover, as the Eide Bailly website shows, industries such as Government, Healthcare, Financial Institutions, and Manufacturing all have to deal with significant amounts of data on a daily basis, and it is therefore crucial that cybersecurity measures are put in place to protect customers, clients, and employees.

Correspondingly, the proposed bill would also give the FTC increased oversight and power over data protection standards. In light of increased cybercrime in recent years, it compares to similar information protection legislation being enacted in other parts of the world, such as the General Data Protection Regulation (GDPR), which is due to come into force in the European Union later this year.

While the proposed fines for businesses that leave themselves exposed to cybersecurity breaches could be considered punitive, they are also intended to compensate the consumers whose personal data is exposed to cybercriminals in such attacks. Under the proposed legislation, 50 percent of the fines imposed by the FTC would be repaid to the victims as compensation, while the other half would be used to fund FTC security research and industry inspections, with the aim of helping to reduce the risks of exposure to cybercrime in the future.