Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations

Sen. Warren Wants CEOs Jailed After Big Breaches

Bill Would Pave Way for Criminal Charges Against Execs for Corporate Wrongdoing
Sen. Warren Wants CEOs Jailed After Big Breaches
Sen. Elizabeth Warren, D-Mass.

Sen. Elizabeth Warren, D-Mass, has introduced legislation that would pave the way for top executives at major corporations to face criminal charges if their company's wrongdoing leads to harm, such as a major data breach.

See Also: The Alarming Data Security Vulnerabilities Within Many Enterprises

While business groups immediately criticized the plan, consumer advocates praised it.

The proposed bill, the Corporate Executive Accountability Act, would allow federal authorities to bring criminal charges, as well as to seek jail time, against corporate executives at companies with more $1 billion in annual revenue if the business is found guilty of criminal behavior or repeatedly violating federal law.

The goal of the legislation is to hold executives more accountable when their company "harms the health, safety, finances or personal data," of American citizens, Warren says in a statement.

"Corporations don't make decisions, people do, but for far too long, CEOs of giant corporations that break the law have been able to walk away, while consumers who are harmed are left picking up the pieces," says Warren, who is one of more than a dozen Democrats running for president.

The Reactions

Some business groups and defense attorneys immediately criticized the proposal, the Washington Post reports.

"Criminal penalties are the most drastic penalties a government can impose; we need to be very careful about how we use that," Tom Quaadman, executive vice president of the Center for Capital Markets Competitiveness at the U.S. Chamber of Commerce, told the Post.

"A better legislative response would be to give the [Securities and Exchange Commission] the budget it needs to do its job," said Stephen Crimmins, a former SEC enforcement lawyer who is now a partner at Murphy & McGonigle, the Post reports.

But Bartlett Naylor, a financial policy advocate at the Washington-based nonprofit organization Public Citizen, strongly supports Warren's proposed legislation.

"Lack of accountability invites more misconduct," Naylor tells Information Security Media Group. "Executives at Equifax apparently felt uncompelled to reveal [a massive data breach]; some insiders even profited through timely stock transactions. Warren's bill says: no mas. For significant companies, it lowers the bar on proof for prosecutors."

The 2017 data breach at Equifax that affected more than 143 million people, which was tied to several corporate missteps, indeed is an example of the type of case the legislation might address.

Top Equifax executives resigned following the breach, and while some are continuing to face questions from Congress, none are facing criminal charges tied to the breach. The former CIO of one Equifax unit, however, faces insider trading charges.

Warren's statement points to the case of Wells Fargo, where CEO Tim Sloan recently retired after facing criticism over the bank's practices, including opening up thousands of fake accounts without customers' consent.

A recent Government Accountability Office report concluded that larger fines against companies that mishandle customer data would give consumers greater protection.

Criminal Prosecution

The Warren proposal would expand federal law to help enable criminal prosecution of corporate executives under certain circumstances, including if a company is:

  • Found guilty, pleads guilty, or enters into a deferred or non-prosecution agreement for any crime;
  • Found liable or enters a settlement with any state or federal regulator for the violation of any civil law for action that affects the health, safety, finances or personal data of 1 percent of the American population or 1 percent of the population of any state;
  • Found liable or guilty of a second civil or criminal violation for a different activity while operating under a civil or criminal judgment of any court, a deferred prosecution or non-prosecution agreement, or settlement with any state or federal agency.

Under the bill, a first offense for an executive would result in a year-long prison term. A second offense could land a CEO in jail for three years.

In addition to the Corporate Executive Accountability Act, Warren reintroduced her 2018 bill, Ending Too Big to Jail Act. This measure would require CEOs who lead banks with $10 billion or more in assets to certify that no illegal activities are happening on their watch. It would also create a permanent investigative unit within the Treasury Department to pursue financial crimes.

About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.