A new measure against misuse of personal information involves severe penalties for executives of any company. According to data protection experts, the US Congress has proposed a new bill known as the “Mind Your Own Business Act”. As set forth in this project, senior executives of any company who engage in erroneous information management practices would face long jail time in addition to million-dollar fines.
The bill was presented by Democratic Sen. Ron Wyden last October 17, and requires companies to elaborate annual reports on their data protection policies and practices, endorsed by their CEOs, to demonstrate compliance with information security laws. This law would be part of another bill introduced in November 2018, known as the Consumer Data Protection Act.
Any private company that trades information
from more than 50 million users, or any company that controls information from
at least one million users and which earns revenue of $1 billion USD annually,
will have to comply with this law.
As reported by data protection experts, if a
company intentionally submits a report with false information, it will be fined
up to $5 million USD, and the CEO responsible for the report could be sentenced
for up to 20 years of prison. The law also states that users of these companies
can require details about the information collected, its use and details about
third parties with access to such information.
Another important point included in the bill is
the creation of a website for users of each company to customize the
permissions of access and collection of personal information. “Users will
finally have control over what information they will share with the
companies,” says Senator Wyden.
This is not the first project of its kind.
According to data protection experts from the International Institute of Cyber
Security (IICS), the New
York State Legislature recently passed the bill known as the Stop
Hacking and Improving Digital Data Security Act (SHIELD). The intention of this
law is to provide full transparency in the use of personal data, in addition to
establishing stricter penalties against companies that do not comply with these
measures properly.
