Sony executives bowed down before the Japanese and international press earlier this year to tell everyone “we’re sorry”, but for those of us wondering if our credit card numbers were being sold off on the seedier parts of the web, “we’re sorry” somehow just didn’t cut it. A new law being presented by Democratic Senator Richard Blumenthal, however, will finally start holding large companies responsible for cyber security, and impose pretty harsh penalties on firms that don’t take the appropriate precautions.
“The goal of the proposed law is essentially to hold accountable the companies and entities that store personal information and personal data and to deter data breaches,” Senator Blumenthal said in a phone interview. “While looking at past data breaches, I’ve been struck with how many are preventable.”
The new bill is called “The Personal Data Protection and Breach Accountability Act of 2011”, and is the result of intense debate by Congress over how to force companies to do a better job protecting consumers who shop online. The bill itself targets companies that store data for more than 10,000 people, and sets out specific guidelines for how to store critical information such as passwords and credit cards.
“The Sony data breach has become a poster child of why we need this law,” he said. “We were working on this legislation well before that data breach occurred, but Sony is a good example of why this law should exist.”