Submitted via IRC for Bytram
Elizabeth Warren wants jail time for CEOs in Equifax-style breaches
In 2017, criminals stole the personal data of about 143 million people from the credit rating system Equifax. It was a huge embarrassment for the company and a headache for the millions of people affected. Equifax's then-57-year-old CEO Richard Smith retired in September 2017, weeks after the breach was discovered, with a multi-million dollar pay package.
Massachusetts US Senator turned Democratic presidential candidate Elizabeth Warren wants to make sure that CEOs who preside over massive data breaches in the future don't get off so easily. On Wednesday, she announced the Corporate Executive Accountability Act, which would impose jail time on corporate executives who "negligently permit or fail to prevent" a "violation of the law" that "affects the health, safety, finances or personal data" of 1 percent of the population of any state.
A CEO could get up to a year in prison for a first offense. Repeat offenders could get three years.
The penalty only applies to companies that generate more than $1 billion in annual revenue—Equifax had $3.4 billion in revenue in 2017. It also only applies to companies that are either convicted of violating the law or settle claims with state or federal regulators. Equifax may qualify on this score, too, since the company signed a consent decree with state regulators last year.
With that said, it seems that most data breaches probably wouldn't trigger criminal penalties under the proposed new law. A CEO would only face jail time if a data breach was the result of illegal activity by the company and if prosecutors can show that the CEO was negligent in failing to prevent it. And under current law, merely being the victim of a data breach isn't a crime.
(Score: 0) by Anonymous Coward on Monday April 08 2019, @09:44AM (2 children)
We all know what's going to happen next
(Score: 0) by Anonymous Coward on Monday April 08 2019, @09:51AM (1 child)
https://boingboing.net/2019/04/03/data-flying-dutchman.html [boingboing.net]
(Score: 2) by SpockLogic on Monday April 08 2019, @12:12PM
1. Arrest the lying little shit.
2. Sell tickets to the perp walk.
3. PROFIT.
Overreacting is one thing, sticking your head up your ass hoping the problem goes away is another - edIII
(Score: 2, Informative) by Anonymous Coward on Monday April 08 2019, @10:26AM (18 children)
Accountability of CXOs is never going to happen because corporations and their lobbyists make large financial contributions, and sometimes even write new legislation and amendments to bills under consideration.
Politicians are not going to bite the hand that feeds their campaigns. Politicians are beholden to the mighty dollar over all other things and that will never change (because corporate interests will never let it change).
(Score: 1, Interesting) by Anonymous Coward on Monday April 08 2019, @11:30AM (10 children)
People are so dumb... They get confused by one layer of misdirection.
What is a corporation? A group of people paid the government for access to a special legal system so they can't be held fully accountable for the actions of that organization.
Why is the government selling this access to begin with? Once you have your answer you'll see why this next idiotic idea from a US presidential candidate will never happen. Everything I am hearing from Democrat candidates is idiotic totally misunderstanding the world type stuff, like they are strawmen for Trump to knock down.
(Score: 0) by Anonymous Coward on Monday April 08 2019, @11:34AM (9 children)
And oh, I see the loopholes are coming pre-carved out now, and with an automatic expiration date due to inflation too. So stupid...
(Score: 1) by khallow on Monday April 08 2019, @12:18PM
Welcome to necessary regulatory conditions for healthy business to exist. Not getting arrested because politicians are flaky is one of those conditions.
(Score: 4, Interesting) by bradley13 on Monday April 08 2019, @12:21PM (7 children)
This. Just from TFS it is entirely clear that no one could ever be successfully jailed through this law. So: it's pandering to the masses - "look, we are going to hold upper management responsible!" - when, in fact, this bill would never accomplish any such thing.
Anyway, while I'm not a fan of the CxO level of large companies, this isn't entirely fair. One disgruntled employee in the right place can cause a massive data breech, there's d*mn all that person's manager can do about it, and this would then tie the company up in court for years defending its CxOs. Especially given all of the subjective factors mentioned in TFS (e.g., define "negligent").
To my mind a far better approach is to define objective fines that are levied, based on objective evidence. Who cares why a data breech occurred - fine the company based on the amount and sensitivity of the data. If the breech was due to a disgruntled employee, the company can go after them.
Everyone is somebody else's weirdo.
(Score: 3, Interesting) by Anonymous Coward on Monday April 08 2019, @12:29PM (1 child)
Fines? No, why should the government get paid when there is a breach? If anything I'd expect more breaches somehow facilitated by the government.
The victims should be able to get paid something on the order of $1-10k each for something like equifax. Basically a real solution would pave the way for successful lawsuits in these circumstances.
(Score: 0) by Anonymous Coward on Monday April 08 2019, @08:35PM
Hah, exactly. I was going to ask if this law is going to apply to, oh, the head of the OMB as well.
(Score: 5, Insightful) by Immerman on Monday April 08 2019, @01:33PM (4 children)
>One disgruntled employee in the right place can cause a massive data breech,
If that's the case, then so could one criminal employee, and the company's security is obviously negligent. You would never allow your valuable trade secrets to be so easily stolen, so why is it acceptable for customer data?
And fortunately there's an easy solution for most companies: don't store the data in the first place - you can't have a data breech if you don't have the data.
(Score: 0) by Anonymous Coward on Monday April 08 2019, @04:51PM
Congratulations! You win the internet for today! Go grab yourself a sugar cookie.
(Score: 3, Funny) by Sourcery42 on Monday April 08 2019, @05:39PM (2 children)
I, for one, typically do not store data in my breeches, but to each his own ;)
(Score: 3, Funny) by bzipitidoo on Monday April 08 2019, @05:49PM (1 child)
Oh? Where are your gonads and all the DNA data they contain? Wait, I get it-- your significant other keeps them in a box. I'm sorry.
(Score: 2) by DeathMonkey on Monday April 08 2019, @07:14PM
Once more unto the breech! But, y'know, just for the fun of it and between consenting adults.
(Score: 4, Insightful) by DeathMonkey on Monday April 08 2019, @05:02PM (4 children)
Wrong.
Accountability is never going to happen because of REPUBLICANS. The end.
(Score: 2) by Booga1 on Monday April 08 2019, @05:22PM (3 children)
What I see here is a win for both parties.
Democrats get a win by making a proposal that sounds like it would be tough on "evil corporate shenanigans."
Republicans get a win by fighting back and stopping "critically flawed legislation" that wouldn't have passed anyway.
Democrats get to say, "We were so close! See why you need to vote for us?"
Republicans get to say, "That was a close one! See why you need to vote for us?"
(Score: 4, Insightful) by DeathMonkey on Monday April 08 2019, @05:28PM (2 children)
And? They are both trying to implement the policies they believe in.
Now, as a voter, you get to choose which policy most closely aligns to your beliefs and vote for the people trying to implement it.
What you don't get to do is simply proclaim that both sides are the exact same when the actions they are taking are the exact opposite.
(Score: 2) by Booga1 on Monday April 08 2019, @08:12PM
I've made no such claim "that both sides are the exact same."
Perhaps I could have phrased it better, but I don't think they're trying to implement anything in this particular case. This is showmanship and hand-waving legislation at its best.
I don't believe that either side thinks this has any traction to become law. The proposed law is simply for show and both sides get to make themselves look good. It's a farce.
(Score: 1, Insightful) by Anonymous Coward on Monday April 08 2019, @09:26PM
No, they're not, because the Republicans don't believe in anything except money, and the majority of Democrats are the same. Corporate Democrats like Cory Booker, Kamala Harris, Kirsten Gillibrand, and worse are the cancer plaguing the Democratic party, and they need to be primaried out of office in favor of progressive candidates who don't accept corporate bribes to even have a chance of saving it. The Republican party, on the other hand, is entirely hopeless.
That assumes the US is a democratic republic, when in fact it functions as more of an oligarchy. Maybe if we had instant-runoff voting and various other democratic reforms, things would be different, but that's not the case yet. Any country that forces people to choose a lesser evil is not democratic at all and will do very poorly at reflecting the actual policy positions of The People.
(Score: 3, Touché) by DeathMonkey on Monday April 08 2019, @05:07PM (1 child)
Less than 1% of Warren's campaign money comes from corporations. [washingtonpost.com]
If anything, she would be biting the hands of the millions of small contributors if she DOESN'T go after corporations.
(Score: 0) by Anonymous Coward on Tuesday April 09 2019, @03:41AM
Yeah, about that ... even if Warren becomes president she'll still need the House and the Senate to vote in favor of biting the hand that feeds their campaigns.
(Score: -1, Flamebait) by Anonymous Coward on Monday April 08 2019, @01:24PM (3 children)
I propose a law jailing law school graduates, who claim racial preference for employment, when they are not qualified to do so. I'll call it "Pocahontas' law".
(Score: 1, Informative) by Anonymous Coward on Monday April 08 2019, @03:26PM (2 children)
^^ We call this whataboutism.
(Score: 4, Interesting) by Anonymous Coward on Monday April 08 2019, @04:08PM (1 child)
Then I'll give you a real whatabout to chew on: If your physician's office breaches your personal information....
https://www.hipaajournal.com/civil-penalty-for-knowingly-violating-hipaa/ [hipaajournal.com] and countless other places.
Employees can be personally held liable for breaches to the same tune. There is the possibility of jail time for violators.
Now, why exactly do you think that FICO, Equifax, TransUnion, and Experian should be held less liable than your family physician should be?
(Score: 0) by Anonymous Coward on Tuesday April 09 2019, @01:20AM