One proposal: A maximum administrative penalty of $10 million or three per cent of an organization’s gross global revenue for violating the law. For failing to report a breach of security safeguards, failing to abide by a compliance order or de-identifying personal information that had been de-identified, an organization might be penalized up to $25 million or five per cent of its global revenue.
Tweet
Share