Executives at companies like Equifax who “negligently permit or fail to prevent” an incident that affects personal data may have to spend time in the slammer if Congress passes the Corporate Executive Accountability Act.
Under the bill, introduced by presidential candidate Sen. Elizabeth Warren, D-Mass., CEOs could get as much as one year in prison for a single breach – and up to three years if the company has another incident.
The legislation seeks to apply some much-needed accountability. “Security breaches are always a possibility, but there’s no excuse for security negligence in 2019; the resources are available to raise the bar significantly and executives who don’t avail themselves of that should face consequences,” said Cody Brocious, hacker and head of hacker education at HackerOne.
“If you’re carrying a suitcase full of social security numbers and personal health information on the bus, you’d better make sure you have it with you when you get off,” said Brocious. “If you don’t, people will start (rightly) asking questions about what you just did, potentially landing you on the receiving end of a lawsuit or criminal