Credit reporting agencies that suffer security glitches could be hit with hefty new fines under a bill introduced Wednesday by two Democratic lawmakers.
The "Data Breach Prevention and Compensation Act," unveiled by Senators Mark Warner (D-Virginia) and Elizabeth Warren (D-Massachusetts), would subject credit reporting agencies like Equifax to mandatory penalties of $100 per customer who had a piece of personally identifying information compromised. The measure would tack on an additional $50 for each extra piece of personal identifying information compromised.
The proposed bill comes four months after Equifax disclosed that hackers obtained personal information -- including names, Social Security numbers, birthdays and addresses -- of more than 140 million people. Company officials knew about the breach for at least six weeks before disclosing it.
The type of personal information covered by the bill includes names, Social Security numbers, drivers' license numbers, passport numbers, and biometric data like faceprints or fingerprints. Companies' total fines could come to between 50% and 75% of their gross revenue, depending on factors like whether they promptly disclosed the breach.
The measure also tasks the Federal Trade Commission with creating data security regulations for credit reporting agencies. The FTC has previously prosecuted businesses like Wyndham hotels over cybersecurity breaches, but those cases were often tied to the companies' privacy policies.
Warren and Warner aren't the only lawmakers to introduce legislation connected to the Equifax data breach. Last year, Sens. Edward J. Markey (D-Mass.), Richard Blumenthal (D-Conn.), Sheldon Whitehouse (D-R.I.) and Al Franken (D-Minn.) introduced the Data Broker Accountability and Transparency Act, which would give consumers the right to prevent their information from being sold by data brokers for marketing purposes.