Senator Richard Blumenthal introduced a new online security bill that will punish companies that are careless with their customers' information. These are companies like Sony, which got royally hacked earlier this year by Anonymous, an attack that compromised the data of 77 million subscribers to the PlayStation Network and cost Sony an estimated $171 million. Blumenthal says, "The Sony data breach has become a poster child of why we need this law." The ever attention-hungry hacktivists at Anonymous must be thrilled.
The law's details read like a win-win for both customers and companies. Nick Bilton explains the broad strokes at The New York Times:
The bill presented by Senator Blumenthal would introduce regulations for companies that store online data for more than 10,000 people. These rules would require companies to follow specific storage guidelines and ensure that personal information is stored and protected correctly. Companies that do not adhere to these security guidelines could be subject to stiff fines.
The win for customers is a no-brainer. Most people don't even realize when they're victims of a breach, and the government has an increasingly embarrassing track record of keeping citizens safe from cybercrime, so anything helps. At first glance, a phrase like "subject to stiff fines" doesn't read like a benefit to companies, but we need only look back up at what this spring's Anonymous attack ultimately cost Sony to realize how the new law is actually designed to save companies money. The fines are pretty steep, though. "The Justice Department will be able to fine firms that violate the law $5,000 per violation per day, with a maximum of $20 million per violation," reports The Hill. "Individuals affected by violations of the law will also have the ability to bring civil actions against the businesses involved."