A data breach law (or laws) is around the corner. And the time is right, what with the scads of data breaches involving major retailers lately. Details of customers’ addresses, phone numbers, credit cards and other sensitive information have ended up in the hands of hackers. We’re talking many tens of millions of affected consumers.
Despite this mushrooming problem, no consensus has yet emerged on just what role the government should assume in protecting people’s data. But a common thread among the many ideas is customer notification once a data breach occurs. Though 46 states do have notification laws, retailers gripe that this makes them spend precious time on compliance instead of on fighting data infiltrations and repairing the fallout.
“We’ve long said that action is needed and hopefully we can see passage of data breach notification legislation this year,” says Brian Dodge, a senior vice president at the Retail Industry Leaders Association.
Recently the Data Security Act was introduced. It would require companies and banks to have privacy protections and investigate breaches, plus alert customers about big risks of theft or fraud. Banks have complained about the costs of responding to data breaches and have insisted that retailers take more action on the fallout. The DSA could take some of this burden off banks.
“We think it’s important that essentially everybody up their game,” says Kenneth Clayton, an executive VP and chief counsel at the American Bankers Association. This needs to occur whether through law or industry action, Clayton adds.
The FTC may even get involved. But how much should the government get involved? “The idea that the government would do a better job than private industry is a horrible idea,” says John Kindervag, a principal analyst at Forrester Research, an advisory firm.
However, a 2014 priority for the FTC is to protect sensitive health and financial information. “The FTC has long been concerned that this type of sensitive data warrants special protections,” says Jessica Rich, head of the FTC’s consumer protection bureau. She adds that the FTC strongly supports the possibility of new laws that would protect consumers.
Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen.