The Cybersecurity 202: Senators call for data breach penalties, tougher privacy laws after Marriott hack

4 December 2018 external

A slew of Democratic senators are calling for tougher privacy laws — and even steep fines for companies that fail to protect their customers' data from data breaches — in the wake of Marriott's admission that hackers compromised the personal information of up to 500 million of its customers.

"We must set clear customer data protection standards for all companies — whether they're hotel chains, online retailers, or big tech — and severe penalties for those who fall short," Sen. Richard Blumenthal (Conn.) tweeted.

Sens. Mark Warner (Va.) and Ed Markey (Mass.) also pressed for tougher data security laws, and said Congress needs to set limits on how much customer data U.S. companies are allowed to store. Sen. Ron Wyden (Ore.) went even further — he said senior executives who ignore customer data privacy should face jail time.

After potentially one of the largest breaches of consumer data in history, lawmakers appear ready to take a page out of Europe's playbook to ensure it does not happen again: Their calls for aggressive penalties for companies that have poor data security are reminiscent of the General Data Protection Regulation that went into effect in the European Union earlier this year. The GDPR requires companies to adhere to a highly specific set of security requirements — and contains fines up to 4 percent of a company's annual revenue for violations. It is unclear, however, how such legislation would fare in a split Congress that appears poised for gridlock.

Read the full article at

Return to overview