FTC encourages Congress to pass national breach notification legislation, among other efforts

Data breaches like the one at Target and, more recently, at a unit of credit bureau Experian are fueling consumer protection efforts that could have an impact on business.

This week, the Federal Trade Commission urged Congress to pass national breach notification legislation, while in California, a bill introduced recently in the state Legislature would ban businesses from storing certain customer data for long periods of time.

The end result of the latest activity might not be known, but the trend is clear. High-profile data breaches are bolstering critics’ arguments that government needs to step in to protect consumers.

The problem is that no matter how cautious people are, the safety of their personal data relies on the third party that stores it.

“We tell individuals to simply assume that your personal information is going to be compromised and to take steps to protect yourself on a daily basis,” Beth Givens, director of the Privacy Rights Clearinghouse, said. “However, there is nothing any consumer could have done to prevent being affected by these breaches.”

The breaches include retailer Target, which had the personal data of 110 million shoppers stolen from its computers by hackers in December. More recently, a breach at a subsidiary of Experian exposed the social security numbers and other personal data of 200 million people, Reuters news agency reported. The incident has started a multi-state investigation into whether laws to protect consumer data were properly followed.

On Wednesday, Edith Ramirez, chairwoman of the Federal Trade Commission, told the Senate Committee on Homeland Security and Government Affairs that as more data breaches are reported, the message becomes clear that “consumers’ data is at risk.”

To reduce that risk, Ramirez asked that Congress require companies to notify consumers affected by a breach.
In addition, Ramirez called on lawmakers to give the FTC the authority to seek civil penalties to deter unlawful conduct by companies, rulemaking authority to bolster protections and jurisdiction over non-profit entities, which are not currently under FTC oversight.

In California, the bill introduced in the state Assembly would ban long-term storage of personal identification numbers, social security numbers and driver's license numbers. The proposal would also require retailers to cover consumers’ losses from data breaches. Businesses would also be required to notify victims within 15 days of a breach.

“The provisions (of the bill) provide a great deal of additional consumer protection for individuals who have been affected by data breaches,” Givens said.

Such legislation is not supported by businesses. NetChoice, a trade association of e-commerce businesses, pointed out in a blog post that retailers are also victims in data breaches, which can lead to millions of dollars in losses.

“We shouldn’t resort to new legislation that penalizes the victim,” Carl Szabo, policy counsel for NetChoice, wrote. With most breaches, businesses are already punished by having to pay fines to credit card companies and reimburse banks for fraudulent charges on credit cards.

Rather than pass additional laws, the association would prefer that Congress consolidate existing state laws on data breach notification into one federal standard.

“Today, online and offline businesses face a patchwork of state laws, attorneys general and consumer organizations that play by different and confusing rules,” Szabo said. “A single federal standard for data breach notification would resolve the confusion and benefit both consumers and businesses.”