Make PCI DSS Laws to Help Ensure Better Consumer Privacy

It is the closing part of 2021 and yet again another major data breach has occurred. T-Mobile has let its consumer data become exposed... again. While they issue their public apologies and commit to long-term security growth, inevitably, they will fail again. This is unacceptable. There are standards that credit card corporations enforce over these companies, yet they are not law. The Payment Card Industry Data Security Standard (PCI DSS) is something that all major companies are SUPPOSED to be following. This year it has caused major headlines, with government promising change. We need to stop asking for the change and demand the change.
Visa, Mastercard, and American Express all follow PCI DSS and levy monthly fines against companies that are breached and not compliant. However, the fines that they are able to impose are nowhere near enough for a company to feel the effect. In most companies' eyes it is better to pay for insurance and pay the one-time payout than to maintain security. For example, the maximum fine that can be placed on a company is $100,000. A quick Google search will show T-Mobile touting a 68.4 BILLION dollar year in 2020. The fine for losing OUR data to malicious actors is nothing to them.
The goal of this petition is, at a minimum, to make PCI DSS a law. This was already done in healthcare, with HIPAA in 1996. It is long overdue for our data to be actively secured, and if it is not, companies need to face the music. The minimum monthly fine needs to be 5% of the company's overall revenue for the previous year. This needs to be in effect by May 1st, 2022. This would ensure that companies get compliant by the deadline or are subject to the fine. By making this a federal law, we could put the money accrued from fines towards STEM education, ensuring that consumers in the future understand the risks.
Consumer privacy is not optional. It is our right.