Executives at companies like Equifax who “negligently permit or fail to prevent” an incident that affects personal data may have to spend time in the slammer if Congress passes the Corporate Executive Accountability Act.
Under the bill, introduced by presidential candidate Sen. Elizabeth Warren, D-Mass., CEOs could get as much as one year in prison for a single breach – and up to three years if the company has another incident.
The legislation seeks to apply some much-needed accountability. “Security breaches are always a possibility, but there's no excuse for security negligence in 2019; the resources are available to raise the bar significantly and executives who don't avail themselves of that should face consequences,” said Cody Brocious, hacker and head of hacker education at HackerOne.
“If you're carrying a suitcase full of social security numbers and personal health information on the bus, you'd better make sure you have it with you when you get off,” said Brocious. “If you don't, people will start (rightly) asking questions about what you just did, potentially landing you on the receiving end of a lawsuit or criminal charges.”