U.S. Attorney General Eric Holder is pushing for federal legislation that would govern how companies react after suffering a data breach. In a recent video address, Holder called on Congress to pass a law creating “a strong national standard” that would force firms to more quickly alert consumers when personal information is hacked.
“As we’ve seen, especially in recent years, these crimes are becoming all too common,” Holder said. “And they have the potential to impact millions of Americans every year. It is time for leaders in Washington to provide the tools that we need to do even more by requiring businesses to notify American consumers and law enforcement in the wake of significant data breaches.”
Several bills that mimic Holder’s stipulations have already been introduced by legislators this year, as lawmakers seek an adequate response to significant recent breaches. Among the bills are the Personal Data Privacy and Security Act as well as the Data Security and Breach Notification Act. No measures have been brought to a vote, though, and similar bills authored in the past have failed to win passage. On a more local level, 46 states and the District of Columbia have some data breach notification rules as law, but the measures vary greatly and provide little clarity when national companies are involved.
The latest bills may have stronger Congressional support, however, in the wake of the much-publicized data breach at retailer Target, which exposed payment card information for up to 40 million people. Target began informing customers of a suspected breach on December 23, but the data appears to have been stolen between November 27 and December 15 of last year. During a Capitol Hill hearing in February, lawmakers questioned why it took so long for Target to report the hacking.
While any new legislation would squarely impact major retailers, it could also affect ad specialty industry firms, especially those with at least 1,000 clients. “I do support the enforcement of national standards for disclosing data breaches,” said David Woods, president of Top 40 distributor AIA Corporation (asi/109480). “This always comes down to balancing the needs of the different parties, and balancing individual privacy with the broader interests of the public at large.”
Memo Kahan, president of Top 40 firm PromoShop (asi/300446), thinks any new federal reporting rules wouldn’t pose major challenges for ad specialty firms. “I do not believe this will be a detriment to our industry, as long as we are aware and do everything within our scope to update and keep up with these breaches,” he said. “Since the recent retailer breaches, we have changed our process to maintain better security and have a better understanding of what challenges are out there.”