A bipartisan Senate bill would require some businesses to report data breaches to law enforcement within 24 hours or face financial penalties and the loss of government contracts.

The legislation, from Senate Intelligence Chair Mark Warner, a Democrat, together with Republican Senators Marco Rubio and Susan Collins, is just one of several new cybersecurity bills that will likely be debated this year.

If passed, the bill could require certain U.S. businesses to do much more to protect their customers’ data, and it may levy serious penalties against businesses that fail to act.

What We Know About the Draft Bill

Senator Warner previewed the bill during an Axios event on cybersecurity. Joined by experts on cybersecurity policy, Warner laid out his vision for more effective cybersecurity legislation.

“Congress needs to act … We are working on a bill that would require mandatory reporting if you are a critical infrastructure company or a federal government contractor or the government itself … What we have right now is simply voluntary reporting.”

The text of the draft bill, while not publicly available yet, has been obtained by a number of major news networks including Politico and CNN.

The bill would apply to government agencies, federal contractors, and “critical infrastructure owners and operators” including businesses involved in manufacturing, energy production, and financial services.

In addition to the 24-hour reporting requirement, businesses would also be required to continue sharing information for a 72-hour period after the breach is reported.

The move follows a number of high-profile cyberattacks on essential U.S. infrastructure including the Colonial Pipeline breach, an event which took down the largest fuel pipeline in the United States and caused fuel shortages across the East Coast. If passed, the legislation would join a growing number of cybersecurity rules and regulations.
