"We must set clear customer data protection standards for all companies — whether they're hotel chains, online retailers, or big tech — and severe penalties for those who fall short," Sen. Richard Blumenthal (Conn.) tweeted.
Sens. Mark Warner (Va.) and Ed Markey (Mass.) also pressed for tougher data security laws, and said Congress needs to set limits on how much customer data U.S. companies are allowed to store. Sen. Ron Wyden (Ore.) went even further — he said senior executives who ignore customer data privacy should face jail time.
After potentially one of the largest breaches of consumer data in history, lawmakers appear ready to take a page out of Europe's playbook to ensure it does not happen again: Their calls for aggressive penalties for companies that have poor data security are reminiscent of the General Data Protection Regulation that went into effect in the European Union earlier this year. The GDPR requires companies to adhere to a highly specific set of security requirements — and contains fines up to 4 percent of a company's annual revenue for violations. It is unclear, however, how such legislation would fare in a split Congress that appears poised for gridlock.