Following the Federal government’s settlement with Equifax regarding its 2017 data breach, Sen. Ron Wyden, D-Ore., pledged to renew his push towards passing data privacy legislation. In a statement on July 22, Wyden urged the passage of his Consumer Data Protection Act, which he initially introduced in November of 2018.
His legislation would “set strong protections for Americans’ private information and to hold corporations – and CEOs – accountable for violating Americans’ privacy or lying to the government about privacy protections.”
More specifically, the legislation would empower the Federal Trade Commission (FTC) to:
- “Establish minimum privacy and cybersecurity standards.
- Issue steep fines (up to 4 percent of annual revenue), on the first offense for companies and 10-20-year criminal penalties for senior executives.
- Create a national Do Not Track system that lets consumers stop third-party companies from tracking them on the web by sharing data, selling data, or targeting advertisements based on their personal information. It permits companies to charge consumers who want to use their products and services, but don’t want their information monetized.
- Give consumers a way to review what personal information a company has about them, learn with whom it has been shared or sold, and to challenge inaccuracies in it.
- Hire 175 more staff to police the largely unregulated market for private data.
- Require companies to assess the algorithms that process consumer data to examine their impact on accuracy, fairness, bias, discrimination, privacy, and security”
Wyden tied his support for data privacy legislation to the impact Equifax’s data breach had on Americans.
“Equifax leaders knew its security was pitifully weak and yet did nothing to correct it, according to the FTC,” Wyden said. “In a just world, these executives would be going to jail. No one should be able to collect deeply sensitive information on 200 million people without their consent, treat it with reckless disregard and then just pay a fine when a predictable, easily avoidable hack takes place.”
He argued the need for legislation, especially for sectors such as credit reporting agencies.
“Unlike the breaches at Target and Home Depot, consumers cannot vote with their wallets,” he explained. “The consumer credit agencies exist and play a role in consumers’ financial lives no matter how much they are disliked and no matter how shady their practices or how awful their cybersecurity. Market forces can’t incentivize good behavior here, and this FTC order won’t be enough either.”