CEOs of companies that sell or misuse personal data will face up to 20 years in prison and 5M USD fines. New law coming

A new measure against misuse of personal information involves severe penalties for company executives. According to data protection experts, the US Congress has proposed a new bill known as the “Mind Your Own Business Act”. As set forth in this bill, senior executives of any company who engage in erroneous information management practices would face long jail terms in addition to million-dollar fines.

The bill was presented by Democratic Sen. Ron Wyden last October 17, and requires companies to prepare annual reports on their data protection policies and practices, endorsed by their CEOs, to demonstrate compliance with information security laws. This law would be part of another bill introduced in November 2018, known as the Consumer Data Protection Act.

Any private company that trades information from more than 50 million users, or any company that controls information from at least one million users and earns revenue of $1 billion USD annually, will have to comply with this law.

As reported by data protection experts, if a company intentionally submits a report with false information, it will be fined up to $5 million USD, and the CEO responsible for the report could be sentenced to up to 20 years in prison. The law also states that users of these companies can request details about the information collected, its use, and the third parties with access to such information.

Another important point included in the bill is the creation of a website where users of each company can customize the permissions for access to and collection of their personal information. “Users will finally have control over what information they will share with the companies,” says Senator Wyden.

This is not the first bill of its kind. According to data protection experts from the International Institute of Cyber Security (IICS), the New York State Legislature recently passed the bill known as the Stop Hacking and Improving Digital Data Security Act (SHIELD). The intention of this law is to provide full transparency in the use of personal data, in addition to establishing stricter penalties against companies that do not comply with these measures properly.