Two U.S. senators recently proposed a cybersecurity legislation that will allow the Federal Trade Commission (FTC) to penalize credit rating industry organizations that don’t properly safeguard data.

Cybersecurity Legislation Imposes Penalties for Breaches

In a public statement outlining the proposed Data Breach Prevention and Compensation Act, Sens. Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) explained that the bill would create a new office at the FTC focused on information protection.

If passed, it would enact strict penalties for breaches in customer data. Specifically, credit rating agencies would receive $100 fines for each piece of personally identifiable information (PII) lost in a data breach, plus $50 for each additional PII file per customer. According to SecurityWeek, the bill also requires agencies that fail to comply to pay a maximum penalty of 50 percent their gross revenue from the year before the incident took place.

In addition to giving the FTC greater oversight and power over data protection practices, this cybersecurity legislation actually hits harder in terms of fines than the EU’s General Data Protection Regulation (GDPR). While many firms are bracing for GDPR to come into effect later this year, it’s clear that recent security headlines are creating just as much concern among lawmakers on this side of the Atlantic.

Protecting Consumer Data

The bill aims to ensure that consumers, whose personal information becomes the ultimate casualty when cybercriminals break into large corporate systems, will be fairly compensated: 50 percent of the fines collected by the FTC would go to the victims. The other half would go toward security research and inspections, SecurityWeek noted, ensuring that the law would also reduce the risk of similar occurrences in the future.

It’s not unusual for modern governments to consider cybersecurity legislation. Just as credit agencies keep a close eye on how consumers spend their money, the government wants to keep an even closer eye on how these firms are keeping data from prying eyes.

More from

Cost of a data breach 2023: Geographical breakdowns

4 min read - Data breaches can occur anywhere in the world, but they are historically more common in specific countries. Typically, countries with high internet usage and digital services are more prone to data breaches. To that end, IBM’s Cost of a Data Breach Report 2023 looked at 553 organizations of various sizes across 16 countries and geographic regions, and 17 industries. In the report, the top five costs of a data breach by country or region (measured in USD millions) for 2023…

The Growing Risks of Shadow IT and SaaS Sprawl

4 min read - In today's fast-paced digital landscape, there is no shortage of apps and Software-as-a-Service (SaaS) solutions tailored to meet the diverse needs of businesses across different industries. This incredible array of options has revolutionized how we work, providing cost-effective and user-friendly tools that streamline tasks and boost productivity. However, this ever-expanding application ecosystem comes with its challenges: namely, shadow IT and SaaS sprawl. According to a recent study by Entrust, 77% of IT professionals are concerned about shadow IT becoming a…

Are you ready to build your organization’s digital trust?

4 min read - As organizations continue their digital transformation journey, they need to be able to trust that their digital assets are secure. That’s not easy in today’s environment, as the numbers and sophistication of cyberattacks increase and organizations face challenges from remote work and insider behavior. Digital trust can make your organization’s digital transformation stronger. A lack of digital trust can do irreparable harm. However, according to ISACA’s State of Digital Trust 2023 report, too many organizations struggle to define and implement…

Most organizations want security vendor consolidation

4 min read - Cybersecurity is complicated, to say the least. Maintaining a strong security posture goes far beyond knowing about attack groups and their devious TTPs. Merely understanding, coordinating and unifying security tools can be challenging. We quickly passed through the “not if, but when” stage of cyberattacks. Now, it’s commonplace for companies to have experienced multiple breaches. Today, cybersecurity has taken a seat in core business strategy discussions as the risks and costs have risen dramatically. For this reason, 75% of organizations…