Private consumers frequently face privacy concerns caused by tech firms’ failure to properly use, store and protect their personal data. In October 2019, Oregon Senator Ron Wyden introduced a bill called the Mind Your Own Business Act, which proposes jailing or otherwise punishing the CEOs of the companies responsible in an attempt to curb data misuse.
If your company handles private client data, you should understand the potential ramifications of this law and take steps to improve your firm’s information security program.
Scope of the bill
The provisions of the Mind Your Own Business Act as currently written apply only to companies with gross receipts of at least $50 million and data collection that covers at least 1 million devices or individuals. Some lawmakers have expressed concerns that limiting the bill’s application only to the tech industry may be unlawful or even unconstitutional.
Expanded FTC protections
Under the bill, the Federal Trade Commission would have enhanced authority to require covered entities to:
- Allow customers to annually review their data and a list of other entities with access to that data upon request
- Provide a means for customers to challenge inaccurate data
- Establish policies and procedures to safely collect and store clients’ personal data
- Review the effects of machine learning and artificial intelligence systems that may negatively impact privacy
Consequences for privacy violations
The bill establishes civil and criminal penalties for executives whose companies misuse consumer data. A CEO or chief privacy officer could receive 10 to 20 years in prison, as well as a fine of 25% of his or her annual gross revenue, or $5 million (whichever is greater). The person will also be subject to a tax penalty of the highest possible tax assessment rate for the past three years.