Senator Elizabeth Warren Proposes Holding Negligent Executives Criminally Liable for Data Breaches

Senator Elizabeth Warren is proposing an amendment that would establish criminal liability for negligent executive officers of major corporations.

The Corporate Executive Accountability Act would enable regulators to fine and even imprison executives who turned a blind eye to scams or were otherwise negligent with the company’s assets. The bill targets corporations turning over $1 billion or more annually, which means the law would apply to a ‘wealth’ of corporations across the nation.

Examples of companies whose management would have been punished by the act include Equifax (with its massive 2017 data breach), Facebook (with its long streak of privacy and security blunders), and hotel chain Marriott (which suffered a major APT-style attack late last year). Plenty of other companies could be mentioned here, including Wells Fargo with its fake-accounts scam, as reported by boingboing.net, an outspoken source of left-wing politics.

A Bitdefender survey of 250 IT decision makers in the United States at companies with more than 1,000 PCs found that 73% of IT decision makers fear the financial compensation the company might have to pay in the event of a security breach, while 66% even fear losing their job. While these fears are not unfounded (Equifax fired the CEO and two other executives after the 2017 breach), there is also room for more ‘incentive’ to maintain a good security posture.

Warren’s commentators describe her position as left-wing populism. She has proposed the bill as she seeks to become the Democratic candidate in the 2020 Presidential elections, but this is not the first time she has sought legislation related to data breaches.