To help cork up the leaky internet, Oregon Senator Ron Wyden introduced a bill that would better equip the Federal Trade Commission (FTC) to deal with personal data breaches, according to The Oregonian. In particular, the executives of large tech companies with lax cybersecurity could face jail time and steep fines.
“The point is the Federal Trade Commission on privacy issues thus far has basically been toothless,” Wyden told The Oregonian. “I am trying to recreate this agency for the digital era.”
Wyden’s bill, which faces steep odds in the Republican-controlled Senate, would give the FTC the power to introduce and, more importantly, actually enforce national cybersecurity standards. Any new standards introduced by the FTC would be mandatory for large companies that handle sensitive user data, but smaller companies with fewer resources than the tech giants wouldn’t be forced to commit to the same investments in cybersecurity as their larger competitors.
Also, the bill would give people who use online services like Google or Facebook the option to purchase a “do not track” subscription that prevents their personal data from being sold to third parties, according to The Oregonian.
Wyden’s bill won’t actually punish companies when a data breach occurs. Rather, large companies would be punished if they falsify reports to the FTC about their cybersecurity and data privacy practices. Basically, breaches may still occur, but as long as the company had been following the FTC’s best practices, the bill’s penalties won’t apply.
Like the Sarbanes-Oxley Act, a 2002 law meant to prevent corporate fraud, Wyden’s bill holds executives directly responsible for their company’s violations. If they’re found to be in violation of FTC standards, a large company’s executives could face 20 years in prison and fines of up to four percent of the company’s annual revenue.
READ MORE: Wyden pitches jail time, billions in fines for online privacy violators with ‘Do Not Track’ bill [The Oregonian]