National data breach notification law introduced by Senate Commerce Committee members
Patrick Howell O’Neill reports:
Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches.
The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports that Uber paid $100,000 to cover up a 2016 data breach that affected 57 million users.
Read more on CyberScoop, where they’ve uploaded a copy of the bill. I’ve not yet had time to compare the bill to the bill of the same name introduced by Senator Nelson during the last Congress, but some of the described provisions sound like it may be the same bill or basically the same bill.