By Pete Schroeder
WASHINGTON (Reuters) - Two Senate Democrats are proposing large new fines for credit reporting agencies that lose consumers' personal information in data breaches, according to a bill they introduced on Wednesday.
The bill would impose potentially significant fines against companies like Equifax (NYSE:EFX), TransUnion, and Experian if their cyber security fails to ward off hackers trying to obtain sensitive data. It also would establish a new Office of Cybersecurity at the Federal Trade Commission, and charge it with monitoring cyber security at those companies.
Senators Mark Warner and Elizabeth Warren's bill is in response to a data breach at Equifax that put the information of 145 million Americans at risk. The bill faces an uphill climb in a Republican-led Congress, but if it became law, would allow the government to fine as much as 75 percent of a credit reporting agency's gross revenue should a hack occur.
"Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax – and provides robust compensation for affected consumers," Warren said in a statement.
The bill would fine a company $100 for each consumer that had a piece of personal information compromised in a data breach, with an additional $50 for each additional piece of data put at risk for each consumer. Those fines could add up to 50 percent of a company's gross revenue.
But, that penalty doubles if company fails to disclose the breach to regulators in a timely manner or has insufficient cyber security in place, and can add up to as much as 75 percent of a company's global revenue for the last fiscal year.