New legislation introduced in the US Senate by Elizabeth Warren (D-MA) and Mark Warner (D-VA) would result in credit reporting agencies being slapped with stiff fines if they play fast and loose with data security.

The Data Breach Prevention and Compensation Act [PDF] would impose a mandatory $100 fine per person affected on credit agencies that leak customer records each with at least one piece of personal identifying information (PII), and an additional $50 fine for every other piece of PII exposed.

The fines would be administered by the Federal Trade Commission, and the legislation requires that at least half of any fines collected would be funneled back to citizens whose data had been lifted by hackers. The bill would also set up a director and office of cybersecurity that would perform regular checks on the IT security of credit agencies and could fine businesses up to 75 per cent of their annual gross revenues for egregious computer defense failings.

Read full news article on The Register