FTC encourages Congress to pass national breach notification legislation, among other efforts

Data breaches like the one at Target and, more recently, a unit of credit bureau Experian are fueling consumer protection efforts that could have an impact on business.

This week, the Federal Trade Commission urged Congress to pass national breach notification legislation, while in California, a bill introduced recently in the state Legislature would ban businesses from storing certain customer data for long periods of time.

The end result of the latest activity might not be known, but the trend is clear. High-profile data breaches are bolstering critics’ arguments that government needs to step in to protect consumers.

The problem is that no matter how cautious people are, the safety of their personal data relies on the third party that stores it.

“We tell individuals to simply assume that your personal information is going to be compromised and to take steps to protect yourself on a daily basis,” Beth Givens, director of the Privacy Rights Clearinghouse, said. “However, there is nothing any consumer could have done to prevent being affected by these breaches.”

The breaches include retailer Target, which had the personal data of 110 million shoppers stolen from its computers by hackers in December. More recently, a breach at a subsidiary of Experian exposed the social security numbers and other personal data of 200 million people, Reuters news agency reported. The incident has started a multi-state investigation into whether laws to protect consumer data were properly followed.

On Wednesday, Edith Ramirez, chairwoman of the Federal Trade Commission, told the Senate Committee on Homeland Security and Government Affairs that as more data breaches are reported, the message becomes clear that “consumers’ data is at risk.”

To reduce that risk, Ramirez asked that Congress require companies to notify consumers affected by a breach.
In addition, Ramirez called on lawmakers to give the FTC the authority to seek civil penalties to deter unlawful conduct by companies, rulemaking authority to bolster protections and jurisdiction over non-profit entities, which are not currently under FTC oversight.

In California, the bill introduced in the state Assembly would ban long-term storage of personal identification numbers, social security numbers and driver's license numbers. The proposal would also require retailers to cover consumers’ losses from data breaches. Businesses would also be required to notify victims within 15 days of a breach.

“The provisions (of the bill) provide a great deal of additional consumer protection for individuals who have been affected by data breaches,” Givens said.

Such legislation is not supported by businesses. NetChoice, a trade association of e-commerce businesses, pointed out in a blog post that retailers are also victims in data breaches, which can lead to millions of dollars in losses.

“We shouldn’t resort to new legislation that penalizes the victim,” Carl Szabo, policy counsel for NetChoice, wrote. With most breaches, businesses are already punished by having to pay fines to credit card companies and reimburse banks for fraudulent charges on credit cards.

Rather than pass additional laws, the association would prefer that Congress consolidate existing state laws on data breach notification into one federal standard.

“Today, online and offline businesses face a patchwork of state laws, attorneys general and consumer organizations that play by different and confusing rules,” Szabo said. “A single federal standard for data breach notification would resolve the confusion and benefit both consumers and businesses.”