US Attorney General calls for federal data breach notification law

By Chad Hemenway on February 26, 2014

The US Attorney General is calling on Congress to develop and pass legislation aimed at alerting customers when personal information is at risk of being stolen during a cyber breach.

In Attorney General Eric Holder’s weekly video message, he said he wants Congress to enact a “strong national standard for quickly alerting customers whose information may be compromised.”

In addition to protecting victims of cyber crime, Holder said such a law—which currently doesn’t exist on the federal level—would make it easier for law enforcement to investigate these crimes and “hold compromised entities accountable when they fail to [keep] sensitive information safe.”

He added that any law should provide exemptions for businesses that do act responsibly to notify consumers.

Currently 46 states, as well as the District of Columbia, Puerto Rico, Guam and the Virgin Islands, have some kind of breach notification law, but each law differs—including in what each defines as a breach or personal information, and in what is required to fulfill notification obligations.

Early in February a series of Senate hearings focused on US cyber security and the rights of consumers.

US Senate Judiciary Committee chairman Sen. Patrick Leahy (D-Vt.) in early January reintroduced legislation to install tougher penalties for the concealment of a breach; require companies to protect data privacy and security; and update current law to make harsher criminal penalties for attempted hacking and conspiracy to commit hacking.

The bill, the “Personal Data Privacy and Security Act,” is co-sponsored by Senators Al Franken (D-Minn.) and Chuck Schumer (D-NY).

Leahy has brought the bill to Congress for several years but it—as well as others like it—has always languished and fallen off the radar.

Holder said it is “time for leaders in Washington to provide the tools [authorities] need to do even more” than what is being done now. He said the Department of Justice, with the US Secret Service, is currently investigating last year’s data breach at Target stores. Holder also mentioned the data breach at Neiman Marcus, announced shortly after Target.

Meanwhile, the US House Committee on Oversight and Government Reform has requested that Target Corp. submit internal documents and messages related to the data breach. The committee wants all correspondence from the start of November until mid-December, according to a letter from the committee obtained by Reuters.

Target said net earnings were $520 million in the fourth quarter of 2013, down 46 percent from the same period the year before.

The third-largest US retailer said fourth-quarter expenses related to the breach stood at $61 million. It expects $44 million in insurance payments.

Target told investors it is “not able to estimate future expenses related to the data breach.” Costs could include payments to payment-card networks for alleged fraud and other expenses, as well as costs related to civil litigation, government actions and enforcement proceedings.

“These costs may have a material effect” on Target’s first-quarter and full-year earnings, the corporation said.

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalism experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824.