(ISC)² Team

Jail time for keeping breaches secret?

Wired ran a story this week about the U.S. Senate introducing a bill to require jail time for executives who fail to report a breach within 30 days.

Here's the bill itself: https://www.commerce.senate.gov/public/_cache/files/cbbd6ccf-752f-43a7-aae3-702f3feea3b4/4F4099F55C5...

Do you think this is a step in the right direction to hold people and organizations accountable? 

1 Reply
Contributor I

Re: Jail time for keeping breaches secret?

Hi,

I'm not subject to American Law (UK resident), but I would suggest that it might actually be a good idea.

"Jail Time" can be quite subjective, bearing in mind there is no hard and fast rule to decide how long an individual would spend incarcerated for such an offence.

However, it would leave a permanent mark on someone's record, so would serve as a deterrent to keeping breaches secret.

In my opinion, it seems a little archaic in approach as people are ultimately coerced into admission of such breaches, or risk punishment. Surely a better option would be to reward those who proactively protect themselves, and incentivise the reporting of a breach by offering an amnesty or even help.

Of course, should someone be breached due to complete ignorance, then throw the book at them, as a lesson needs to be learned, but should you do everything possible to avoid an issue yet get stung, help should be given, wherever possible.