Elizabeth Warren proposes holding execs criminally liable for scams and data breaches

Cory Doctorow reports: A new bill from Senator Elizabeth Warren proposes personal, criminal liability for top executives of companies turning over more than $1B/year when those companies experience data breaches and scams due to negligence (many of the recent high-profile breaches would qualify, including the Equifax giga-breach, as well as many of Wells Fargo’s string of scams and scandals). It is part of a raft of excellent policy proposals that Warren has introduced in conjunction with her bid for the 2020 Democratic presidential nomination (I am a donor to her campaign, as well as the Bernie Sanders campaign): lowering drug prices with federally commissioned generics, an annual wealth tax on family fortunes over $50m, antitrust breakups of Big Tech, an end to the Electoral College and a national Right to Repair law for farm equipment. Read more on BoingBoing. To be clear, as I don’t think Cory’s article was, this bill may be in conjunction with her bid for the Democratic nomination, but this is not the first time Warren has proposed legislation relating to breaches. If you search this site for her name, you will find coverage of other breach-related activities on her part going back to 2014.

Senator Warren introduces Equifax bill; launches industry probe

Chris Sanders reports: U.S. Senator Elizabeth Warren said on Friday she has begun an investigation into Equifax’s (EFX.N) massive data breach and, along with 11 other Democratic senators, will introduce a bill to give consumers the ability to freeze their credit for free. Warren, who has built a reputation as a champion of consumers and often challenges the finance industry, also wrote letters to Equifax and its rival credit monitoring agencies TransUnion (TRU.N) and Experian (EXPN.L), federal regulators, and the Government Accountability Office for information to see if new federal legislation was needed to protect consumers. Read more on Reuters. The fact that she has to ask is somewhat depressing. Why haven’t they been listening to us for the past dozen years or so while we’ve been getting cyber-laryngitis from screaming about these problems? Freezing a credit report for free will save consumers some money, sure, but that still fails to deal with the bigger issues: that these companies collect and store information on us without our consent and there are no statutory consequences for poor or sloppy security. As we’ve noted many times here, the FTC does not have the authority under Section 5 to impose monetary fines for a data breach. Yes, perhaps they can get a consent decree, but what/where is the “OMG, we can’t risk THAT happening to us” penalty or consequence to motivate firms?

Senator Leahy introduces Consumer Privacy Protection Act; federal data breach notification law

Eric Chabrow reports: Privacy advocates in the Senate have unveiled a national data breach notification bill that would allow states to keep their own laws if they provide more stringent reporting and privacy protections than offered by the federal government. The Consumer Privacy Protection Act, introduced April 30, is sponsored by Sen. Patrick Leahy of Vermont along with five other Democratic senators as cosponsors: Al Franken of Minnesota;, Ed Markey and Elizabeth Warren, both of Massachusetts; Richard Blumenthal of Connecticut; and Ron Wyden of Oregon. Read more on BankInfoSecurity.com. I need to read the whole text, but so far, this may be the best/most protective proposal we’ve seen in this session of Congress.

Congress to banks: Admit you’ve been hacked!

Jose Pagliery reports: Banks have lost so much consumer information to hackers this year that two members of Congress are asking them to come clean with the extent of the damage. Tuesday morning, 16 financial institutions will receive letters from Sen. Elizabeth Warren and Rep. Elijah E. Cummings asking them to admit that they have been hacked, explain how it happened and be transparent about what they lost. Read more on CNN Money.

House, Senate Democrats seek details from financial firms on data breaches

Mark Hosenball reports: Leading Democrats in both houses of Congress sent letters on Tuesday to 16 major banks and other financial firms requesting detailed information about recent data breaches and briefings from corporate data security officials. Among the companies targeted in letters sent by Senator Elizabeth Warren, a member of the Senate Banking Committee, and Representative Elijah Cummings, the top Democrat on the House Oversight and Government Reform Committee, were banks, investment firms and other financial service providers. Read more on Reuters, where you can find a list of the 16 banks. Significantly (from my perspective, anyway), the letter only asks about the last year and fails to include two major banks that have had repeated insider breaches.  One of those banks – TD Bank – was the target of a complaint this blogger/advocate filed with the CFPB earlier this year.