Holder Urges Congressional Action on Data Breaches

U.S. Attorney General Eric H. Holder Jr. has called on Congress to establish a national data breach notification standard that overrides a patchwork of state laws in the wake of the Target hack. Holder says such a standard would empower consumers to shield themselves against identity theft, as the faster they are alerted to a breach, the sooner they can look for suspicious activity on their accounts. Although the Securities and Exchange Commission says public companies must inform consumers of breaches provided it does not interfere with law enforcement probes, no standard for privately held companies exists. Identity Theft Resource Center CEO Eva Velasquez says the national attention engendered by the Target intrusion has spurred “a much-needed conversation about the importance of uniform regulation.” Holder refutes the industry argument that public disclosure of breaches could jeopardize investigations, and stresses that a federal standard would “enable law enforcement to better investigate these crimes—and hold compromised entities accountable when they fail to keep sensitive information safe.” Among the notification bills recently proposed in Congress is legislation requiring companies to inform federal agencies of breaches and the public of any breach that impacts more than 5,000 customers.

[divide]

From “Holder Urges Congressional Action on Data Breaches”
Washington Post (02/25/14) Douglas, Danielle