Senator Ron Wyden [D-OR] (previously) has introduced the Consumer Data Protection Act, which extends personal criminal liability to the CEOs of companies worth more than $1B or who hold data on more than 50,000,000 people who knowingly mislead the FTC in a newly mandated system of annual reports on the steps the company has taken to secure the data.
CEOs whose companies lie to the FTC about these measures will face 20 years in prison and $5 million in fines for breaches.
This reminds me of the criminal liability regime in the Sarbanes-Oxley bill passed after the Enron scandal, which threatened jail sentences for CEOs who signed their name to false financial statements and had far-reaching consequences (for example, record labels had been routinely running "third shift" pressings to produce extra, off-the-books copies of popular CDs that would be sold in record stores but without sending any royalties to the musicians involved -- after SOX, this came to an abrupt halt).
It turns out that when the CEO's freedom is on the line, businesses manage to create really effective policies to accomplish whatever it is the company needs to do to keep the CEO out of prison: “Depend upon it, sir, when a man knows he is to be hanged in a fortnight, it concentrates his mind wonderfully.”
From Facebook’s Cambridge Analytica scandal to Verizon getting busted covertly tracking wireless users around the internet, it has become clear there’s not much in the way of genuine accountability or transparency when it comes to cavalier treatment of user data.
From the wrist slap Equifax received for failing to protect the private data of 145 million Americans, to the SIM hijacking and location data scandals plaguing the wireless sector in recent years, meaningful government inquiries, investigation, and punishment are often lacking.
“It’s time for some sunshine on this shadowy network of information sharing,” Wyden said. “My bill creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules with real teeth to punish companies that abuse Americans’ most private information.”
The problem is that big business lobbyists will likely line up in opposition to a bill that genuinely protects privacy, meaning that Wyden’s bill faces a steep uphill climb.
Sen. Ron Wyden Introduces Bill That Would Send CEOs to Jail for Violating Consumer Privacy [Karl Bode/Motherboard]