• United States



by Dave Gradijan

New Law Would Require Reporting of Breaches

May 16, 20062 mins
CSO and CISOData and Information Security

A bill introduced in Congress calls for prison time and stiff fines for company executives who fail to inform law enforcement when a digital break-in jeopardizes consumers’ personal and financial data, Brian Krebs reports from his Security Fix blog on

The blog states that the Cyber-Security Enhancement and Consumer Data Protection Act of 2006, introduced by House Judiciary Chairman James Sensenbrenner (R-Wis.) would punish companies for failing to notify the Secret Service or the FBI of an electronic database breach if that archive holds information on 10,000 or more people or data on federal employees.

In addition to fines, the bill also calls for prison sentences that could reach up to five years. reported more than 100 businesses losing control of customer data in 2005.

Krebs reports that 28 states have enacted some form of data-breach notification law.

However, he wrote that despite the disclosures, many business are still not willing to notify law enforcement. The results of an FBI and Computer Security Institute survey show that only one in five businesses reported digital intrusions.

For more on data breaches, read Breach Brigade and The Five Most Shocking Things About the ChoicePoint Debacle.

Keep checking in at our Security Feed page, or subscribe via RSS, for updated news coverage.

By Paul Kerstein