Is it Time to Create a National Data Breach Alert?
With data breaches becoming all too common, Attorney General Eric Holder is calling for a new alert to make customers aware when their information has been compromised.
“This would empower the American people to protect themselves if they are at risk of identity theft. It would enable law enforcement to better investigate these crimes – and hold compromised entities accountable when they fail to keep sensitive information safe. And it would provide reasonable exemptions for harmless breaches, to avoid placing unnecessary burdens on businesses that do act responsibly,” Holder said in the video.
In the wake of Target’s (NYSE:TGT) massive data breach, calls for the U.S. to shift to EMV or chip-based cards to better protect consumers and for increased communication between retailers and shoppers post- breach have been growing.
Holder posted a video to the Justice Department’s website Monday, urging Congress to require retailers to immediately report data breaches to both consumers and law enforcement.
Target has been criticized for not informing consumers fast enough after announcing on Dec. 23 it suffered a massive data breach that started nearly one month earlier on Nov. 27, and lasted through Dec. 15. The breach impacted 70 million consumers nationwide who shopped in stores with credit and debit cards.
"Following the confirmation of the data breach, Target moved swiftly to notify our guests and the public, with the goal of providing accurate and actionable information. As a part of that process, we ensured that we satisfied all of the state legal notification requirements. We continue to monitor the commentary around notification standards and welcome the opportunity to be a part of the discussion going forward," a Target spokesperson said in an e-mail message to FOXBusiness.com.
Neiman Marcus was also hit by a smaller-scale breach in July, but did not notify consumers until January, after Target’s announcement.
Currently, there are breach notification laws across 46 different states and the District of Columbia, but Adam Levin, co-founder of IDT 911, says what Holder is really looking for is a national breach notification law. Levin notes that New York, Connecticut and California are all known for their tough state laws holding retailers accountable, but a federal mandate could potentially better protect consumers nationwide.
Levin says retailers sometimes have to wait to reveal breaches as investigations are ongoing, but that leaves consumers at risk.
“Law enforcement can slow down the process,” he says. “If they are involved in an investigation, they can say, ‘we don’t want to tell anyone about it until we know something is going on.’”
In fact, Target’s massive breach was first reported by Brian Krebs, cyber security expert, who was tipped off by the banks who were dealing with credit card issues.
“We need a federal law that says we should be notifying people as quickly as possible—it’s very clear that to date, businesses haven’t’ done a good job of protecting the public if there’s a breach,” he says. “I’d love to see something like a Richter scale for earthquakes, to measure the categories of breach, so consumers would know what level they need to protect themselves at.”