> "My proposal would impose similar criminal liability for negligent executives of any company with more than $1 billion in annual revenue in a variety of circumstances, including if that company is found guilty of a crime or is found liable for a civil violation affecting the health, safety, finances or personal data of 1 percent of the U.S. population or 1 percent of the population of any state."
What an odd way to structure that threshold. 1% of the population of Wyoming is 5,800 people. 1% of California is almost 400,000. And 1% of the country is 3.3 million.
I think it's actually a very intelligent threshold structure. It scales with the population of the state/country in which a company committed a crime.
For example, let's say Equifax illegally sold the entire contents of the W-2 Forms (or similarly sensitive data) of 6500 to... oh, idk, Belarussian intelligence agencies (random example). This is no less egregious of a crime than selling 420,000 W-2 Forms of Californians to the same people.
It matters quite a lot to the people affected by criminal negligence; and a companies' (and its executives') responsibility to data security is not in any way diminished by serving only 100,000 people rather than 2 million people.
Would it also be covered if they didn't fix their infrastructure after they knew it had problems and someone external stole 6500 tax returns? It should.
I'm not Warren, but I would assume that the threshold scales so as not to stifle competition by creating very high barriers to entry. 5000 people isn't a lot per se, especially with the internet. Imposing very heavy handed regulation on budding small companies in the exact same we one would impose it on Wells Fargo, Google, or Amazon, just serves to entrench established businesses and push industries further towards oligopolies.
7 comments
[ 3.2 ms ] story [ 37.2 ms ] threadWhat an odd way to structure that threshold. 1% of the population of Wyoming is 5,800 people. 1% of California is almost 400,000. And 1% of the country is 3.3 million.
For example, let's say Equifax illegally sold the entire contents of the W-2 Forms (or similarly sensitive data) of 6500 to... oh, idk, Belarussian intelligence agencies (random example). This is no less egregious of a crime than selling 420,000 W-2 Forms of Californians to the same people.
It matters quite a lot to the people affected by criminal negligence; and a companies' (and its executives') responsibility to data security is not in any way diminished by serving only 100,000 people rather than 2 million people.
Idk, just my $0.02